Description
A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
Published: 2026-06-08
Score: 7.4 High
EPSS: 4.9% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This weakness corresponds to CWE-295, indicating a Certificate Validation Failure. The vulnerability lies in the certificate validation logic of the deprecated IKEv1 key exchange. An unauthenticated attacker positioned as a man-in-the-middle can bypass certificate checks for site-to-site VPN connections that use certificate-based authentication. Successful exploitation permits interception or modification of all traffic flowing through the VPN tunnel, effectively compromising confidentiality and integrity of the communication channel.

Affected Systems

The affected platforms are Checkpoint Quantum Security Gateway and Checkpoint Spark Firewalls. No specific firmware or software version information is supplied; therefore any deployment that still relies on IKEv1 for site-to-site VPNs is likely vulnerable.

Risk and Exploitability

The CVSS score of 7.4 indicates high severity, and an EPSS score of 4% indicates a low but measurable probability of exploitation, while the lack of a KEV listing suggests the vulnerability is not yet widely exploited in the wild. The likely attack vector involves an attacker spoofing one or both VPN peers to insert themselves between the legitimate endpoints, exploiting the IKEv1 certificate validation flaw to accept a forged or expired certificate and thereby gain full access to the tunnel traffic.

Generated by OpenCVE AI on June 18, 2026 at 07:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Checkpoint firmware to a version that removes support for IKEv1 or applies a patch that addresses the CWE-295 certificate validation flaw in the VPN logic
  • Reconfigure VPN deployments to use IKEv2 exclusively, disabling IKEv1 at the site-to-site level to eliminate the CWE-295 vulnerability
  • Ensure that certificate-based authentication is only used with protocols that have proven validation procedures, thereby mitigating the CWE-295 risk, and monitor tunnels for anomalies that could indicate a man-in-the-middle attack

Generated by OpenCVE AI on June 18, 2026 at 07:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 10 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 09 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
First Time appeared Checkpoint
Checkpoint quantum Security Gateway
Checkpoint spark Firewalls
Vendors & Products Checkpoint
Checkpoint quantum Security Gateway
Checkpoint spark Firewalls

Mon, 08 Jun 2026 13:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 08 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Description A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.
Title Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1
Weaknesses CWE-295
References
Metrics cvssV3_1

{'score': 7.4, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N'}

Subscriptions

Checkpoint Quantum Security Gateway Spark Firewalls
cve-icon MITRE

Status: PUBLISHED

Assigner: checkpoint

Published:

Updated: 2026-06-10T13:36:24.946Z

Reserved: 2026-06-07T09:42:08.252Z

Link: CVE-2026-50752

cve-icon Vulnrichment

Updated: 2026-06-08T12:55:47.994Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-06-08T12:16:32.503

Modified: 2026-06-08T14:57:49.490

Link: CVE-2026-50752

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T07:30:05Z

Weaknesses
  • CWE-295

    Improper Certificate Validation