CVE-2026-50751
Severity CVSS v4.0:
Pending analysis
Type:
CWE-287
Authentication Issues
Publication date:
08/06/2026
Last modified:
09/06/2026
Description
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Impact
Base Score 3.x
9.30
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:checkpoint:gaia_os:*:*:*:*:*:*:*:* | r80.40 (including) | r81.20 (excluding) |
| cpe:2.3:o:checkpoint:gaia_os:r81.20:-:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_10:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_101:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_103:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_105:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_111:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_113:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_115:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_118:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_119:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_120:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_122:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_126:*:*:*:*:*:* | ||
| cpe:2.3:o:checkpoint:gaia_os:r81.20:take_127:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page



