Skip to main content

Check Point Quantum CVE-2026-50752

| EUVDEUVD-2026-35046 HIGH
Improper Certificate Validation (CWE-295)
2026-06-08 checkpoint GHSA-89xv-5cj4-39m4
7.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.4 HIGH
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
ENISA EUVD
CRITICAL
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

2
Analysis Generated
Jun 08, 2026 - 12:21 vuln.today
CVE Published
Jun 08, 2026 - 11:00 nvd
HIGH 7.4

DescriptionCVE.org

A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN site-to-site connections that use certificate-based authentication. Successful exploitation could allow interception or modification of traffic traversing the VPN tunnel.

AnalysisAI

Certificate validation bypass in Check Point Quantum Security Gateway and Spark Firewalls allows network-positioned attackers to subvert IKEv1 certificate-based authentication in site-to-site VPN tunnels. A man-in-the-middle adversary can intercept or modify traffic traversing the tunnel without possessing valid credentials. No public exploit identified at time of analysis, and the issue is constrained to the deprecated IKEv1 protocol path.

Technical ContextAI

The flaw resides in the IKEv1 (Internet Key Exchange version 1) implementation used by Check Point's Quantum Security Gateway and Spark Firewall product lines (per CPE strings cpe:2.3:a:checkpoint:quantum_security_gateway and cpe:2.3:a:checkpoint:spark_firewalls). CWE-295 (Improper Certificate Validation) indicates the gateway fails to correctly verify one or more attributes of the peer certificate during the IKEv1 main/aggressive mode exchange - for example, missing chain-of-trust checks, weak signature verification, or accepting certificates outside the configured trust anchor. Because IKEv1 establishes IPsec Security Associations used for site-to-site VPNs, breaking certificate validation effectively breaks peer authenticity, enabling an active MitM to negotiate keys with both endpoints independently.

RemediationAI

Apply the fix described in Check Point support article sk185035 (https://support.checkpoint.com/results/sk/sk185035); the exact fixed Quantum/Spark build version is not enumerated in the provided data and should be retrieved from that advisory - patch status here is 'Patch available per vendor advisory.' As a primary compensating control, migrate site-to-site tunnels from the deprecated IKEv1 to IKEv2, which is unaffected by this validation path; the trade-off is that both VPN endpoints must support and be reconfigured for IKEv2, which may require coordination with third-party peers. If IKEv1 must remain temporarily, switch certificate-based authentication to pre-shared key (PSK) on affected tunnels (trade-off: weaker key-management hygiene and harder rotation), restrict the set of trusted CAs presented to IKE to the smallest possible internal CA, and route VPN endpoints over trusted underlay where MitM positioning is harder (private circuits, MPLS) rather than the public Internet.

Share

CVE-2026-50752 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy