Critical (9.3) Actively Exploited

Remote Access VPN bypass exploited in wild (CVE-2026-50751) [PoC]

CVE-2026-50751

CVE-2026-50751: Actively exploited 0-day bypasses user auth in vulnerable Remote Access and Mobile Access gateways via IKEv1. Patch without delay; apply vendor mitigations.

Actively exploited in the wild - CVE-2026-50751 is a critical authentication bypass in Remote Access and Mobile Access certificate validation for IKEv1 key exchange that grants unauthenticated attackers a full remote access VPN connection without a valid password.

Overview

This vulnerability exists in the IKEv1 certificate validation logic used by Remote Access and Mobile Access VPN gateways. Because of a logic flaw, the system incorrectly accepts manipulated certificate exchanges, allowing an attacker who can reach the VPN endpoint over the network to establish a VPN tunnel without supplying any user credentials. The attack requires no authentication and no user interaction, and can be launched from the internet against any exposed IKEv1 endpoint.

Impact

An unauthenticated, remote attacker with network access to the affected VPN gateway can bypass user authentication entirely. This grants them the ability to establish a remote access VPN session as any legitimate user, gaining full network-level access to the internal resources that the VPN normally protects. The severity is CRITICAL (CVSS 9.3) because the attack vector is network-based with low complexity and no privileges required.

Affected Products

Any Remote Access or Mobile Access VPN gateway that supports IKEv1 certificate-based authentication is potentially vulnerable. Products running IKEv1 in legacy or deprecated modes are most at risk. Check your vendor’s security advisory for specific version ranges.

Remediation

Organizations should immediately apply the vendor-supplied patch or upgrade to the fixed software version listed in the official security advisory. If patching is not immediately possible, disable IKEv1 support on all VPN gateways and switch to IKEv2, which does not use the vulnerable certificate validation code path. As a compensating control, restrict network access to the IKE ports (UDP 500 and 4500, which IKEv2 also uses) to trusted IP ranges only, though this is not a complete mitigation.

Security Insight

This vulnerability reinforces a recurring pattern where deprecated cryptographic protocols become hidden attack surfaces. IKEv1 has been formally deprecated for years, yet its continued support in VPN products creates a blind spot for security teams. This CVE shows that a simple logic error in a legacy feature can completely bypass modern authentication controls. Organizations should audit their VPN infrastructure for any remaining IKEv1 configurations and treat deprecated protocol support as a security debt requiring immediate remediation.
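To support the IKEv1 audit and the trusted-range restriction described above, the following Python is an added example, not code from the vendor advisory or from this page: it classifies captured UDP 500/4500 payloads by the version field of the ISAKMP header and reports IKEv1 exchanges, marking whether each source falls inside the trusted ranges. The function names, sample packets and addresses are constructed for illustration.

```python
import ipaddress
import struct

# ISAKMP fixed header (RFC 2408): cookies, next payload, version,
# exchange type, flags, message ID, total length = 28 bytes.
ISAKMP_HDR = struct.Struct("!8s8sBBBBII")
IKEV1_EXCHANGES = {2: "main-mode", 4: "aggressive-mode",
                   5: "informational", 32: "quick-mode"}

def parse_ike(payload, dst_port):
    """Return (major_version, exchange_type), or None if not an IKE message."""
    if dst_port == 4500:
        # RFC 3948: IKE on UDP 4500 starts with a 4-byte zero non-ESP marker;
        # ESP-in-UDP and 1-byte NAT keepalives do not, so they are skipped.
        if payload[:4] != b"\x00" * 4:
            return None
        payload = payload[4:]
    if len(payload) < ISAKMP_HDR.size:
        return None
    _, _, _, version, exchange, _, _, length = ISAKMP_HDR.unpack_from(payload)
    major = version >> 4  # high nibble is the major version
    if major not in (1, 2) or length < ISAKMP_HDR.size:
        return None
    return major, exchange

def audit(packets, trusted_nets):
    """Report every IKEv1 message and whether its source is in a trusted range."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    findings = []
    for src, dst_port, payload in packets:
        parsed = parse_ike(payload, dst_port)
        if parsed is None or parsed[0] != 1:
            continue  # not IKE, or IKEv2
        findings.append({
            "src": src, "port": dst_port,
            "exchange": IKEV1_EXCHANGES.get(parsed[1], f"type-{parsed[1]}"),
            "trusted_source": any(ipaddress.ip_address(src) in n for n in nets),
        })
    return findings

def make_hdr(version, exchange):
    # Constructed header only: dummy cookies, no payloads after it.
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, version, exchange, 0, 0, 28)

# Constructed sample traffic as (source IP, destination port, UDP payload).
SAMPLE = [
    ("198.51.100.7", 500, make_hdr(0x10, 2)),                  # IKEv1, untrusted source
    ("203.0.113.20", 4500, b"\x00" * 4 + make_hdr(0x10, 4)),   # IKEv1 over NAT-T
    ("198.51.100.9", 500, make_hdr(0x20, 34)),                 # IKEv2, ignored
    ("198.51.100.9", 4500, b"\xff"),                           # NAT keepalive
]
```

Any finding with `trusted_source` set to false means IKEv1 is still reachable from outside the allowed ranges; any finding at all means IKEv1 is still in use on that gateway.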


Public PoC References

Unverified third-party code

These repositories are publicly listed on GitHub and have not been audited by Yazoul Security. They may contain malware, backdoors, destructive payloads, or operational security risks (telemetry, exfiltration). Treat them as hostile binaries. Inspect source before execution. Run only in isolated, disposable lab environments (offline VM, no credentials, no production data).

Authorized use only. This information is provided for defensive research, detection engineering, and patch validation. Using exploit code against systems you do not own or do not have explicit written permission to test is illegal in most jurisdictions and violates Yazoul's terms of use.

Repository: WadesWeaponShed/CVE-2026-50751-Mitigation-Scripts
Description: Mitigation scripts for CVE-2026-50751
Stars: 1

Showing 1 of 1 known references. Source: nomi-sec/PoC-in-GitHub.
