Check Point Security Updates – 09 June 2026

Check Point has released security updates to fix several vulnerabilities across multiple Check Point products.

The addressed vulnerabilities could allow the attacker to perform denial-of-service or man-in-the-middle attacks, manipulate data, or bypass authentication and gain unauthorized access to the affected systems.

Sample of the addressed vulnerabilities:

1. Check Point VPN Remote Access and Mobile Access in Deprecated IKEv1 Key Exchange User Authentication Bypass Vulnerability (CVE-2026-50751):

  • CVSS: 9.3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. Check Point VPN Site-to-Site Certificate Bypass Vulnerability in Deprecated IKEv1 Key Exchange (CVE-2026-50752):

  • CVSS: 7.4
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Man-in-the-Middle

The affected products:

  • Check Point Mobile Access.
  • Check Point SSL VPN.
  • Check Point Remote Access VPN.
  • Check Point Spark Firewall.
  • Check Point Security Gateways.
  • Check Point Multi-Domain Security Management.

It should be highlighted that Check Point is aware that the zero-day vulnerability “CVE-2026-50751” is being exploited in the wild.

Vulnerabilities
  • CVE-2026-50751
  • CVE-2026-50752
  • CVE-2026-48136
  • CVE-2026-48134
  • CVE-2026-48135
  • CVE-2026-48133
  • CVE-2026-48131
  • CVE-2026-48132
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Check Point Security Advisory

References