Check Point discloses and patches a critical zero-day vulnerability affecting its Remote Access VPN and Mobile Access products. Multiple outlets report that the flaw is tracked as CVE-2026-50751 and has a CVSS score of 9.3. According to the reporting, the vulnerability allows an unauthenticated attacker to bypass password-based authentication, enabling attackers to establish VPN connections without valid credentials.
Several sources say Check Point links exploitation of the bug to a Qilin ransomware affiliate and notes that attacks occur in the wild. One outlet reports the vulnerability was exploited for roughly a month before a patch was available, indicating a window between initial compromise and remediation. Check Point provides security updates for Remote Access VPN and Mobile Access deployments to address the issue.
While outlets vary slightly in emphasis, they consistently describe the same affected products, the authentication bypass nature of the vulnerability, and the attribution to Qilin activity as provided by Check Point. The coverage focuses on the disclosure, the patch release, and the timeline of exploitation prior to mitigation.
