Critical Vulnerability in Check Point VPN
9 June 2026
Attackers are actively exploiting a critical vulnerability in Check Point VPN to bypass authentication and gain unauthorised remote access. Apply security updates immediately.
Background
Check Point has released a security update to address a critical authentication bypass vulnerability (CVE-2026-50751) affecting Remote Access VPN and Mobile Access deployments. This vulnerability has a Common Vulnerability Scoring System (CVSS v3.1) score of 9.3 out of 10.
Impact
Due to a logic flow weakness in certificate validation, successful exploitation of this vulnerability could allow an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without valid user credentials.
The vulnerability can be exploited only when all of the following configurations are in place:
VPN Remote Access or Mobile Access is enabled
IKEv1 is enabled for remote access
Gateways accept legacy Remote Access clients
Gateways do not demand a machine certificate for connections
Known Exploitation
This vulnerability is being actively exploited in the wild.
Affected Products
This vulnerability affects the following product versions.
Security Gateways:
R82.10 Jumbo Hotfix Take 19 or below
R82 Jumbo Hotfix Take 103 or below
R81.20 Jumbo Hotfix Take 141 or below
R81.10 (EOS)
R81 (EOS)
R80.40 (EOS)
Spark Firewalls:
R80.20.X (EOS)
R81.10.X
R82.00.X
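The exploitation conditions and affected versions listed above can be combined into an exposure triage over a gateway inventory. The following is an added example, not code from Check Point or from this advisory; the inventory field names and sample gateways are hypothetical, and a Take above the listed threshold is assumed to be outside the affected range.

```python
# Added example; field names are hypothetical, not Check Point settings.
# Highest affected Jumbo Hotfix Take per Security Gateway version (from this advisory).
MAX_AFFECTED_TAKE = {"R82.10": 19, "R82": 103, "R81.20": 141}
EOS_GATEWAYS = {"R81.10", "R81", "R80.40"}          # end of support, listed as affected
SPARK_PREFIXES = ("R80.20.", "R81.10.", "R82.00.")  # Spark Firewalls, any build

# The four conditions that must all hold for exploitation.
PRECONDITIONS = ("remote_access_enabled", "ikev1_enabled",
                 "legacy_clients_accepted", "machine_cert_not_required")


def version_affected(gw):
    """True if the version/Take is in the affected range listed in the advisory."""
    ver = gw["version"]
    if gw["product"] == "spark":
        return ver.startswith(SPARK_PREFIXES)
    if ver in EOS_GATEWAYS:
        return True
    limit = MAX_AFFECTED_TAKE.get(ver)
    # A missing Take is treated as 0, so unknown patch levels count as affected.
    return limit is not None and gw.get("take", 0) <= limit


def triage(gw):
    """Return (status, blockers); blockers are preconditions known to be absent."""
    if not version_affected(gw):
        return "not-in-affected-range", []
    # Only an explicit False clears a precondition; settings missing from
    # the inventory are assumed present so gaps never downgrade a gateway.
    blockers = [c for c in PRECONDITIONS if gw.get(c) is False]
    status = "affected-precondition-absent" if blockers else "affected-exploitable"
    return status, blockers


ALL_ON = dict.fromkeys(PRECONDITIONS, True)
# Constructed sample inventory.
INVENTORY = [
    {"name": "gw-a", "product": "gateway", "version": "R82", "take": 103, **ALL_ON},
    {"name": "gw-b", "product": "gateway", "version": "R82", "take": 104, **ALL_ON},
    {"name": "gw-c", "product": "gateway", "version": "R81.20", "take": 120,
     **ALL_ON, "ikev1_enabled": False},
    {"name": "gw-d", "product": "gateway", "version": "R80.40"},
    {"name": "spark-e", "product": "spark", "version": "R81.10.15",
     **ALL_ON, "machine_cert_not_required": False},
]

if __name__ == "__main__":
    for gw in INVENTORY:
        print(gw["name"], *triage(gw))
```

Gateways reported as affected-precondition-absent still run an affected version and remain in scope for the upgrade.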
Recommendations
Users and administrators of affected products are advised to upgrade deployments to the minimum required Jumbo Hotfix Take or software version specified in the official Check Point advisory.
References
https://support.checkpoint.com/results/sk/sk185033
https://nvd.nist.gov/vuln/detail/CVE-2026-50751
https://thehackernews.com/2026/06/critical-check-point-vpn-flaw-exploited.html
