Description
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
Published: 2026-06-08
Score: 7.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability lies in the certificate validation logic of the deprecated IKEv1 key exchange. An unauthenticated attacker positioned as a man‑in‑the‑middle can bypass certificate checks for site‑to‑site VPN connections that use certificate‑based authentication. Successful exploitation permits interception or modification of all traffic flowing through the VPN tunnel, effectively compromising confidentiality and integrity of the communication channel.

Affected Systems

The affected platforms are Check Point Quantum Security Gateway and Check Point Spark Firewalls. No specific firmware or software version information is supplied; therefore any deployment that still relies on IKEv1 for site-to-site VPNs is likely vulnerable.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity. EPSS data is unavailable, and the vulnerability is not listed in KEV, which suggests it is not yet widely exploited in the wild. The likely attack vector is an attacker spoofing one or both VPN peers to insert themselves between the legitimate endpoints, then exploiting the IKEv1 certificate validation flaw so that a forged or expired certificate is accepted, thereby gaining full access to the tunnel traffic.

Generated by OpenCVE AI on June 8, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Check Point firmware to a version that removes support for IKEv1 or includes a patch for the certificate validation logic
  • Reconfigure VPN deployments to use IKEv2 exclusively, disabling IKEv1 at the site‑to‑site level
  • Ensure that certificate‑based authentication is only used with protocols that have proven validation procedures, and monitor tunnels for anomalies that could indicate a man‑in‑the‑middle attack

Advisories

No advisories yet.

History

Mon, 08 Jun 2026 11:45:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel. |
| Title | | Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1 |
| Weaknesses | | CWE-295 |
| References | | |
| Metrics | | cvssV3_1 {'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'} |


MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-08T11:00:38.563Z

Reserved: 2026-06-07T09:42:08.252Z

Link: CVE-2026-50752

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-06-08T12:16:32.503

Modified: 2026-06-08T12:16:32.503

Link: CVE-2026-50752

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-08T12:30:23Z

Weaknesses