Checkpoint: >> Gaia Os >> r81 Security Vulnerabilities
CVE-2026-50751
A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password.
Known exploited
CVSS Score
9.3
EPSS Score
0.118
Published
2026-06-08
In rare scenarios, the cpca process on the Security Management Server / Domain Management Server may exit unexpectedly, creating a core dump file. When the cpca process is down, VPN and SIC connectivity issues may occur if the CRL is not present in the Security Gateway's CRL cache.
CVSS Score
5.3
EPSS Score
0.003
Published
2025-02-06
Authenticated Gaia users can inject code or commands by global variables through special HTTP requests. A Security fix that mitigates this vulnerability is available.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-11-07