Check Point Remote Access VPNs are vulnerable to a critical authentication bypass (CVE-2026-50751, CVSS 9.3) within the IKEv1 key exchange process. By sending a crafted 'VPNExtFeatures' Vendor ID payload, an attacker can manipulate the negotiation state to skip certificate signature verification, allowing full network access using only a valid username and the gateway's public ICA organization string.