“To date, the observed exploitation has been limited to a few dozen targeted organizations globally,” Lotem Finkelstein, vice president of research at Check Point, said in a security blog post. “One case involved confirmed post-compromise activity associated with a Qilin ransomware affiliate.”
The vulnerabilities affect customers using Remote Access VPN, Mobile Access VPN, and certain Spark Firewall products configured for IKEv1.
While the said protocol has been considered legacy technology for years, it remains enabled in some environments for compatibility reasons. Check Point is urging affected customers to apply the newly released hotfixes immediately and, where possible, migrate from IKEv1 to the newer IKEv2 protocol.
The deprecated protocol became an active risk
The exploited bug, tracked as CVE-2026-50571, affects deployments that continue to accept IKEv1-based remote access connections.
Click Here For The Original Source.
