The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch a critical vulnerability in Check Point Software Technologies' VPN products. Agencies must resolve the security flaw by June 11. The vulnerability is identified as CVE-2026-50751.
The security gap allows unauthenticated attackers to bypass authentication and gain remote access to networks. Hackers have been actively exploiting the flaw since May 7. At least one breach involves the Qilin ransomware group.
The vulnerability affects Check Point's Remote Access VPN and Mobile Access products. These systems were configured with a deprecated protocol. Check Point has released security updates and urged all customers to apply patches immediately.