The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent directive for federal government agencies to secure systems affected by a critical security flaw that is actively being exploited by hackers. The vulnerability, identified as CVE-2026-50751, impacts specific Check Point Remote Access VPN and Mobile Access products, allowing attackers to gain unauthorized remote access to targeted systems.
Vulnerability Added to KEV Catalog
CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog and has ordered Federal Civilian Executive Branch agencies, including the Departments of Homeland Security, State, and Treasury, to apply fixes by June 11. The agency emphasized that the flaw poses a significant risk to federal networks and is already being used in real-world attacks.
Link to Ransomware Attacks
According to Check Point, the vulnerability enables unauthenticated attackers to bypass authentication and establish remote VPN connections on affected systems. It specifically impacts deployments using the older IKEv1 key exchange protocol, particularly those that do not require machine certificates and still support legacy remote access clients. Check Point released security updates on Monday, June 8, noting that exploitation attempts began on May 7 and escalated sharply over the past weekend. The company reported that attacks have affected only a few dozen organizations globally so far, but at least one confirmed breach was linked to a Qilin ransomware affiliate.
"To date, the observed exploitation has been limited to a few dozen targeted organizations globally. One case involved confirmed post-compromise activity associated with Qilin ransomware affiliate," Check Point stated. "Customers using IKEv1 key exchange protocol are strongly encouraged to apply the available security updates immediately."
CISA Mandates Immediate Action
CISA has described the flaw as a serious threat, noting that such vulnerabilities are frequently targeted by cybercriminals and ransomware groups. "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," the agency said. Federal agencies have been instructed to apply vendor-provided fixes, follow existing security guidance, or discontinue use of affected products if mitigations are unavailable.
The TOI Tech Desk, a dedicated team of journalists at The Times of India, delivers the latest technology news, including gadget launches, reviews, trends, and cybersecurity updates, ensuring accuracy and authenticity.
