VPN vulnerability prompts Check Point (CHKP) to issue security hotfix

Rhea-AI Filing Summary

Check Point Software Technologies Ltd. reported discovering a security vulnerability affecting Remote Access VPN and Mobile Access features in certain configurations of its security gateway products. The company became aware of the issue on June 4, 2026, activated incident response procedures, investigated, and released a software update to fix the flaw.

The vulnerability can, in some circumstances, be exploited to gain unauthorized access to customer environments, and Check Point has identified instances where this occurred. The company has issued a detailed security advisory with mitigation and upgrade guidance and is contacting affected customers directly. Based on its investigation to date, Check Point states it has not determined that the issue is reasonably likely to have a material impact on the company, including its financial condition or results of operations.

Insights

Cybersecurity risk analyst

Check Point discloses and patches a product vulnerability, with no material impact determined so far.

Check Point Software Technologies describes a security vulnerability in certain security gateway configurations affecting Remote Access VPN and Mobile Access. After identifying the issue on June 4, 2026, the company initiated incident response, investigated, and issued a software update and public advisory describing affected setups and mitigation steps.

The disclosure notes that the flaw has, in some cases, enabled unauthorized access to customer environments, highlighting operational and reputational risk. However, Check Point states that, based on current information, it has not determined the matter is reasonably likely to be material to its financial condition or results of operations.

The investigation is ongoing, and Check Point is communicating directly with customers using affected configurations while providing upgrade guidance. Future company filings may offer more detail on any longer-term customer, legal, or financial effects if they emerge.

Key Terms

security vulnerability, Remote Access VPN, Mobile Access, indicators of compromise, +1 more

5 terms

security vulnerability technical

"the Company has identified a security vulnerability affecting Remote Access VPN and Mobile Access"

Remote Access VPN technical

"affecting Remote Access VPN and Mobile Access functionality in certain configurations"

Mobile Access technical

"affecting Remote Access VPN and Mobile Access functionality in certain configurations"

indicators of compromise technical

"describing the affected configurations, mitigation measures, observed indicators of compromise, and providing upgrade guidance"

Indicators of compromise are observable signs that a computer system or network has been breached or is under attack—unusual files, strange network traffic, unexpected account activity or other anomalies that act like footprints or fingerprints left by intruders. They matter to investors because these signs can reveal past or ongoing cyberattacks that may disrupt operations, harm reputation, trigger regulatory penalties, and reduce a company’s value, so detecting them affects risk assessment and portfolio decisions.

forward-looking statements regulatory

"Legal Notice Regarding Forward-Looking Statements This report contains forward-looking statements"

Forward-looking statements are predictions or plans that companies share about what they expect to happen in the future, like estimating sales or profits. They matter because they help investors understand a company's outlook, but since they are based on guesses and assumptions, they can sometimes be wrong.

See more from StockTitan in Google Search and AI answers. Adds StockTitan as a preferred source · opens Google

Add on Google Not now

Form 6-K: How Foreign Companies Report to the SEC →

UNITED STATES

SECURITIES AND EXCHANGE COMMISSION 

Washington, D.C. 20549

FORM 6-K

Report of Foreign Private Issuer Pursuant to Rule 13a-16 or 15d-16 of

the Securities Exchange Act of 1934

For the Month of June 2026

Commission File Number 0-28584

Check Point Software Technologies Ltd. 

(Translation of registrant’s name into English)

5 Shlomo Kaplan Street, Tel Aviv, Israel

(Address of principal executive office)

Indicate by check mark whether the registrant files or will file annual reports under cover Form 20-F or Form 40-F.

Form 20-F ☒ Form 40-F ☐

Indicate by check mark whether the registrant by furnishing the information contained in this Form is also thereby furnishing the information to the Commission pursuant to Rule 12g3-2(b) under the Securities Exchange Act of 1934.

Yes ☐ No ☒ 

If “Yes” is marked, indicate below the file number assigned to the registrant in connection with Rule 12g3-2(b): N/A

This Form 6-K is incorporated by reference into the Registrant’s Form S-8 File Nos. 333-132954, 333-207335, 333-211113, 333-228075, 333-235322, 333-240141, 333-276518, 333-278473, 333-285866, 333-290131 and 333-294763.

Explanatory Note

Check Point Software Technologies Ltd. (“Check Point” or the “Company”) today announced that the Company has identified a security vulnerability affecting Remote Access VPN and Mobile Access functionality in certain configurations of Check Point’s security gateway products, and has released a software update that addresses this vulnerability. As of the date of this filing, the Company is not aware of its own network being affected by this vulnerability. Under certain circumstances, the vulnerability could be exploited to obtain unauthorized access to an environment in which the affected products are deployed.

The Company became aware of the vulnerability on June 4, 2026, and it activated the Company’s research and incident response procedures, initiated an investigation, and worked to identify a solution to remediate the vulnerability. While the investigation is ongoing, the Company has identified instances of unauthorized access to customer environments through the exploitation of this vulnerability.

The Company has published a security advisory describing the affected configurations, mitigation measures, observed indicators of compromise, and providing upgrade guidance, available on a dedicated blog on its website at https://blog.checkpoint.com/security/check-point-releases-important-hotfix-for-vulnerabilities-in-deprecated-ikev1-vpn-protocol. While the Company’s investigation remains ongoing, Check Point is communicating directly with customers known to have deployed affected configurations.

Based on the available information and the investigation to date, the Company has not determined that this matter is reasonably likely to have a material impact on the Company, including its financial condition or results of operations.

Legal Notice Regarding Forward-Looking Statements

This report contains forward-looking statements. Forward-looking statements generally relate to future events or our future financial or operating performance. Forward-looking statements in this report include, but are not limited to, the Company’s statements regarding the vulnerability described in this report. Our expectations and beliefs regarding these matters may not materialize, and actual results or events in the future are subject to risks and uncertainties that could cause actual results or events to differ materially from those projected. The forward-looking statements contained in this report are subject to other risks and uncertainties, including those more fully described in our filings with the Securities and Exchange Commission, including our Annual Report on Form 20-F filed with the SEC on March 31, 2026. The forward-looking statements in this report are based on information available to the Company as of the date hereof, and the Company disclaims any obligation to update any forward-looking statements, except as required by law. 

SIGNATURES

Pursuant to the requirements of the Securities Exchange Act of 1934, the registrant has duly caused this report to be signed on its behalf by the undersigned, thereunto duly authorized.

Check Point Software Technologies Ltd.

By: /S/ Shira Yashar

Name: Shira Yashar

Title: General Counsel

Date: June 8, 2026

FAQ

What security issue did Check Point (CHKP) disclose in this 6-K filing?

Check Point disclosed a security vulnerability in certain configurations of its security gateway products, affecting Remote Access VPN and Mobile Access functionality. The flaw can, under some circumstances, allow unauthorized access to environments where these affected configurations are deployed.

How is Check Point (CHKP) responding to the identified VPN vulnerability?

Check Point activated its research and incident response procedures, launched an investigation, and released a software update that addresses the vulnerability. It also published a detailed security advisory and is communicating directly with customers known to use affected configurations.

Has Check Point (CHKP) found unauthorized access linked to this vulnerability?

Yes. While investigating, Check Point identified instances of unauthorized access to customer environments through exploitation of the vulnerability. The company’s own network has not, as of the filing date, been found to be affected by this specific issue.

Does Check Point (CHKP) expect a material financial impact from this vulnerability?

Based on information available and the investigation to date, Check Point states it has not determined that this matter is reasonably likely to have a material impact on the company, including its financial condition or results of operations.

Where can Check Point (CHKP) customers find guidance on this security vulnerability?

Customers can refer to Check Point’s published security advisory on its website, which describes affected configurations, mitigation measures, observed indicators of compromise, and upgrade guidance, including a hotfix for vulnerabilities in the deprecated IKEv1 VPN protocol.