The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal government agencies to urgently secure systems affected by a critical security flaw that is being actively exploited by hackers. The vulnerability, tracked as CVE-2026-50751, affects certain Check Point Remote Access VPN and Mobile Access products and can allow attackers to gain unauthorized remote access to targeted systems. CISA has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog and directed Federal Civilian Executive Branch agencies, including departments such as Homeland Security, State and Treasury, to apply fixes by June 11. The agency warned that the flaw poses a significant risk to federal networks and is already being used in real-world attacks.
Vulnerability linked to ransomware attacks
According to Check Point, the flaw allows unauthenticated attackers to bypass authentication and establish remote VPN connections on affected systems. The vulnerability impacts deployments using the older IKEv1 key exchange protocol, particularly systems that do not require machine certificates and still support legacy remote access clients.
Check Point released security updates on Monday, June 8 and said attacks exploiting the flaw began on May 7 before increasing sharply over the past weekend. The cybersecurity company said the attacks have affected only a few dozen organizations globally so far, but at least one confirmed breach was linked to a Qilin ransomware affiliate.
“To date, the observed exploitation has been limited to a few dozen targeted organizations globally. One case involved confirmed post-compromise activity associated with Qilin ransomware affiliate,” Check Point said.
“Customers using IKEv1 key exchange protocol are strongly encouraged to apply the available security updates immediately.”
CISA orders immediate action
CISA said the flaw represents a serious threat because vulnerabilities of this type are frequently targeted by cybercriminals and ransomware groups.
“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” the agency said.
Federal agencies have been instructed to apply vendor-provided fixes, follow existing security guidance or stop using affected products if mitigations are not available.