CISA orders patch for Check Point VPN zero-day
🔒 CISA has directed U.S. federal agencies to patch a critical Check Point Remote Access VPN and Mobile Access vulnerability (CVE-2026-50751) that has been exploited in active attacks since May 7. The flaw allows unauthenticated remote attackers to bypass authentication on systems using the deprecated IKEv1 key exchange and legacy remote access clients. Check Point released updates and provided mitigations for organizations that cannot immediately patch, while CISA added the issue to its KEV Catalog and set a June 11 compliance deadline for federal agencies.
