Check Point Remote Access VPN and Mobile Access contain a critical authentication bypass (CVE-2026-50751, CVSS 9.1) that the Qilin ransomware group exploited as a zero-day for approximately one month before the patch was available. Any organization that ran an affected gateway during that window should assume potential compromise and conduct retroactive log review, not just apply the patch.