Find notable cyber news and cases, enriched with sources, timelines, and signals.

BeyondTrust Remote Support and Privileged Remote Access pre-auth OS command injection (CVE-2026-1731)

Vulnerability
First reported
Last updated
Happening score
H score 75
2 unique sources, 5 articles

Summary

Hide ▲

CVE-2026-1731 is a critical pre-authentication OS command injection in BeyondTrust Remote Support and Privileged Remote Access that can let an unauthenticated attacker execute commands remotely in the site-user context. BeyondTrust patched Remote Support 25.3.1 and earlier and Privileged Remote Access 24.3.4 and earlier, with fixes in BT26-02-RS / 25.3.2+ and BT26-02-PRA / 25.1.1+. Research published on 2026-02-13 says watchTowr observed first in-the-wild exploitation across its global sensors, with attackers abusing get_portal_info to extract x-ns-company before establishing a WebSocket channel. Successful exploitation can lead to unauthorized access, data exfiltration, and service disruption.

Cases

Related Happenings

Check Point VPN CVE-2026-50751 targeted exploitation wave

Exploitation Wave
H score47 First: 08.06.2026 17:17 Last: 08.06.2026 17:17 Sources 1

About this happening: **CVE-2026-50751** is an **active exploitation wave** against **Check Point Remote Access VPN** and **Mobile Access** deployments that use **deprecated IKEv1**. The flaw is an **a...

Verizon 2026 DBIR shows vulnerability exploitation as the top breach access trend in 2025

Trend
H score39 First: 20.05.2026 03:04 Last: 20.05.2026 03:04 Sources 1

About this happening: **Vulnerability exploitation** became the leading breach access vector in **2025**, increasing compromise risk across **31,000 incidents** and **22,000+ confirmed breaches**. **Un...

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
H score25 First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

CPanel & WHM authentication-bypass exploitation wave (CVE-2026-41940)

Exploitation Wave
H score89 First: 04.05.2026 11:25 Last: 04.05.2026 11:25 Sources 1

About this happening: Active exploitation of **CVE-2026-41940** is driving a **large cPanel & WHM compromise wave**, putting exposed servers at risk of administrative takeover. **More than 40,000 serve...

Federal civilian executive branch agency hit by network compromise

Incident
H score21 First: 24.04.2026 23:34 Last: 24.04.2026 23:34 Sources 1

About this happening: A **federal civilian executive branch agency** was compromised in an **early September 2025** intrusion that left attackers with persistent access on **Cisco Firepower** and **Sec...

Timeline

  1. 09.02.2026 15:07 1 articles · 5mo ago

    BeyondTrust secures RS/PRA cloud systems

    Mitigation Patch Update

    BeyondTrust secured all RS/PRA cloud systems by February 2, 2026 and directed on-premises customers to manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later if automatic updates were not enabled.

    Show sources
  2. 09.02.2026 10:03 4 articles · 5mo ago

    Harsh Jaiswal discovers CVE-2026-1731

    Technical Analysis Update

    Security researcher and Hacktron AI co-founder Harsh Jaiswal discovered CVE-2026-1731 in BeyondTrust Remote Support and older Privileged Remote Access through AI-enabled variant analysis, identifying a critical pre-authentication operating system command injection that could let an unauthenticated remote attacker execute operating system commands in the site-user context; he also estimated about 11,000 internet-exposed instances, including about 8,500 on-prem deployments, could remain vulnerable without patches.

    Show sources
  3. 09.02.2026 10:03 2 articles · 5mo ago

    BeyondTrust releases fixes for CVE-2026-1731

    Mitigation Patch Update

    BeyondTrust released advisory updates and patches for CVE-2026-1731 affecting Remote Support 25.3.1 and prior and Privileged Remote Access 24.3.4 and prior, with Remote Support fixed in BT26-02-RS, 25.3.2 and later, and Privileged Remote Access fixed in BT26-02-PRA, 25.1.1 and later; self-hosted customers were urged to manually apply the patch or upgrade older installations before remediation.

    Show sources
  4. 09.02.2026 10:03 2 articles · 5mo ago

    BeyondTrust releases fixes for CVE-2026-1731

    Mitigation Patch Update

    BeyondTrust released advisory updates and patches for CVE-2026-1731 affecting Remote Support 25.3.1 and prior and Privileged Remote Access 24.3.4 and prior, with Remote Support fixed in BT26-02-RS, 25.3.2 and later, and Privileged Remote Access fixed in BT26-02-PRA, 25.1.1 and later; self-hosted customers were urged to manually apply the patch or upgrade older installations before remediation.

    Show sources