Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1

7.4 / 10

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Description

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

Basic Information

ID CVE-2026-50752

Source checkpoint

Published Jun 8, 2026 at 11:00

Affected Product

Vendor checkpoint

Product Quantum Security Gateway

Version R82.10 with Jumbo Hotfix Take 19 or below

Affected Versions checkpoint Quantum Security Gateway R82.10 with Jumbo Hotfix Take 19 or below
checkpoint Quantum Security Gateway R82 with Jumbo Hotfix Take 103 or below
checkpoint Quantum Security Gateway R81.20 with Jumbo Hotfix Take 141 or below
checkpoint Quantum Security Gateway R81.10, R81, and R80.40
checkpoint Spark Firewalls R80.20.X, R81.10.X, and R82.00.X

CWE Classification

CWE-295

References

support.checkpoint.com /results/sk/sk185035

{
    "lastseen": "",
    "description": "A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.",
    "published": "2026-06-08T11:00:38.563Z",
    "modified": "2026-06-08T11:00:38.563Z",
    "type": "cve",
    "title": "Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1",
    "source": "checkpoint",
    "references": "https://support.checkpoint.com/results/sk/sk185035",
    "id": "CVE-2026-50752",
    "bulletinFamily": "",
    "cwe": [
        "CWE-295"
    ],
    "cvelist": null,
    "sourceData": "checkpoint Quantum Security Gateway R82.10 with Jumbo Hotfix Take 19 or below\ncheckpoint Quantum Security Gateway R82 with Jumbo Hotfix Take 103 or below\ncheckpoint Quantum Security Gateway R81.20 with Jumbo Hotfix Take 141 or below\ncheckpoint Quantum Security Gateway R81.10, R81, and R80.40\ncheckpoint Spark Firewalls R80.20.X, R81.10.X, and R82.00.X",
    "sourceHref": "",
    "cvss": {
        "score": 7.4,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Quantum Security Gateway",
    "version": "R82.10 with Jumbo Hotfix Take 19 or below",
    "vendor": "checkpoint",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Certificate Validation Bypass in VPN Site-to-Site Connections Using IKEv1_CVE-2026-50752