CVE-2026-50752 - Vulnerability Details - OpenCVE

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Checkpoint	Quantum Security Gateway Spark Firewalls

No data.

No data.

References

Link	Providers
https://support.checkpoint.com/results/sk/sk185035

History

Tue, 09 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Checkpoint Checkpoint quantum Security Gateway Checkpoint spark Firewalls
Vendors & Products		Checkpoint Checkpoint quantum Security Gateway Checkpoint spark Firewalls

Mon, 08 Jun 2026 13:30:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 08 Jun 2026 11:45:00 +0000

Type	Values Removed	Values Added
Description		A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
Title		Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1
Weaknesses		CWE-295
References		https://support.checkpoint.com/results/sk/sk185035
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}`

MITRE

Status: PUBLISHED

Assigner: checkpoint

Published: 2026-06-08T11:00:38.563Z

Updated: 2026-06-09T03:55:37.123Z

Reserved: 2026-06-07T09:42:08.252Z

Link: CVE-2026-50752

Vulnrichment

Updated: 2026-06-08T12:55:47.994Z

NVD

Status : Awaiting Analysis

Published: 2026-06-08T12:16:32.503

Modified: 2026-06-08T14:57:49.490

Link: CVE-2026-50752

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-50752", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "state": "PUBLISHED", "assignerShortName": "checkpoint", "dateReserved": "2026-06-07T09:42:08.252Z", "datePublished": "2026-06-08T11:00:38.563Z", "dateUpdated": "2026-06-09T03:55:37.123Z"}, "containers": {"cna": {"affected": [{"product": "Quantum Security Gateway", "vendor": "checkpoint", "versions": [{"status": "affected", "version": "R82.10 with Jumbo Hotfix Take 19 or below"}, {"status": "affected", "version": "R82 with Jumbo Hotfix Take 103 or below"}, {"status": "affected", "version": "R81.20 with Jumbo Hotfix Take 141 or below"}, {"status": "affected", "version": "R81.10, R81, and R80.40"}]}, {"product": "Spark Firewalls", "vendor": "checkpoint", "versions": [{"status": "affected", "version": "R80.20.X, R81.10.X, and R82.00.X"}]}], "title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1", "descriptions": [{"lang": "en", "value": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation.", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-06-08T11:00:38.563Z"}, "references": [{"url": "https://support.checkpoint.com/results/sk/sk185035"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-08T00:00:00+00:00", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3", "id": "CVE-2026-50752"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-09T03:55:37.123Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-50752", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-08T12:55:43.174323Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-08T12:55:47.994Z"}}], "cna": {"title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1", "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "checkpoint", "product": "Quantum Security Gateway", "versions": [{"status": "affected", "version": "R82.10 with Jumbo Hotfix Take 19 or below"}, {"status": "affected", "version": "R82 with Jumbo Hotfix Take 103 or below"}, {"status": "affected", "version": "R81.20 with Jumbo Hotfix Take 141 or below"}, {"status": "affected", "version": "R81.10, R81, and R80.40"}]}, {"vendor": "checkpoint", "product": "Spark Firewalls", "versions": [{"status": "affected", "version": "R80.20.X, R81.10.X, and R82.00.X"}]}], "references": [{"url": "https://support.checkpoint.com/results/sk/sk185035"}], "descriptions": [{"lang": "en", "value": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-295", "description": "CWE-295: Improper Certificate Validation."}]}], "providerMetadata": {"orgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "shortName": "checkpoint", "dateUpdated": "2026-06-08T11:00:38.563Z"}}}, "cveMetadata": {"cveId": "CVE-2026-50752", "state": "PUBLISHED", "dateUpdated": "2026-06-09T03:55:37.123Z", "dateReserved": "2026-06-07T09:42:08.252Z", "assignerOrgId": "897c38be-0345-43cd-b6cf-fe179e0c4f45", "datePublished": "2026-06-08T11:00:38.563Z", "assignerShortName": "checkpoint"}, "dataVersion": "5.2"}