Check Point warns of ransomware-linked attacks exploiting outdated VPN protocol
Summary
Check Point released emergency hotfixes for two vulnerabilities in VPN products that still use IKEv1 (Internet Key Exchange version 1, an outdated encryption protocol). The more critical flaw, CVE-2026-50571, allows attackers to log into VPNs without a valid password, giving them access to corporate networks. Attackers have already exploited this vulnerability since early May, including in ransomware attacks.
Solution / Mitigation
Check Point issued three explicit mitigations: (1) search SmartConsole logs (Check Point's management console) for suspicious VPN certificate authentication attempts using the provided queries; (2) disable support for legacy Remote Access client connections and configure VPN authentication to use only IKEv2 instead of IKEv1; and (3) make machine certificate authentication mandatory. Most importantly, Check Point released downloadable hotfixes for each affected software version (R80.20.X, R80.40, R81, R81.10, R81.10.X, R81.20, R82, R82.00.X, R82.10) which customers should apply immediately.
Classification
Original source: https://www.csoonline.com/article/4182898/check-point-warns-of-ransomware-linked-attacks-exploiting-outdated-vpn-protocol.html
First tracked: June 9, 2026 at 08:00 AM
Classified by LLM (prompt v3) · confidence: 95%