A critical flaw in Check Point Security Gateway’s IKEv1 key exchange mechanism allows unauthenticated attackers to bypass authentication and establish unauthorized remote access VPN connections. The vulnerability does not require a valid user password and has been actively exploited by ransomware operators. Administrators must apply vendor mitigations or discontinue use by June 11, 2026.

Why it matters in Western Canada: Western Canadian organizations in government, healthcare, energy, and finance sectors commonly rely on Check Point Security Gateways for remote access and VPN infrastructure. Exploitation could grant attackers direct network access, facilitating data exfiltration, ransomware deployment, and compliance violations under PIPEDA and sector-specific regulations.

CVEs: CVE-2026-50751

---

Summary generated from the original advisory. Read the full source: cisa-kev