Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Check Point Remote Access and Mobile Access VPN Authentication Bypass Vulnerability via IKEv1 Logic Flow Weakness
Vulnerability
A logic flow vulnerability has been identified in Check Point's Remote Access and Mobile Access VPN services, specifically within the deprecated IKEv1 key exchange protocol. This vulnerability allows an unauthenticated remote attacker to bypass user authentication and establish a VPN connection without a valid password. The issue arises from improper certificate validation, creating a loophole that can be exploited to gain unauthorized access.
Impact
Exploitation of this vulnerability allows unauthorized users to establish remote access VPN connections, bypassing authentication requirements.
