BeyondTrust Remote Support and Privileged Remote Access CVE-2026-1731 active exploitation wave

Exploitation Wave
Happening score: H score 63
1 unique source, 3 articles

Summary

CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access is now seeing first in-the-wild exploitation, putting exposed appliances at risk of remote command execution. The activity targets exposed portals and abuses /get_portal_info to extract the X-Ns-Company value before establishing a WebSocket channel. Hacktron said about 11,000 instances were exposed online, including roughly 8,500 on-premises deployments, expanding the pool of systems at risk. Unpatched self-hosted appliances should be treated as high priority because the exploit requires no authentication or user interaction.

Related Happenings

ChromaDB Python API exposure mitigation (CVE-2026-45829)

Advisory/Mitigation
First: 20.05.2026 01:25 Last: 20.05.2026 01:25 Sources 1

About this happening: **HiddenLayer** urged **ChromaDB** users to harden exposed deployments because **CVE-2026-45829** can still enable code execution on the **Python FastAPI** server. Until patch sta...

OpenDCIM multi-flaw exploitation wave (CVE-2026-28515, CVE-2026-28516, CVE-2026-28517)

Exploitation Wave
First: 17.05.2026 14:57 Last: 17.05.2026 14:57 Sources 1

About this happening: **openDCIM** is seeing an **active exploitation wave** tied to **CVE-2026-28515**, **CVE-2026-28516**, and **CVE-2026-28517**, with attackers targeting vulnerable installations an...

Burst Statistics authentication bypass (CVE-2026-8181)

Vulnerability
First: 15.05.2026 00:07 Last: 15.05.2026 00:07 Sources 1

About this happening: **Burst Statistics** on **WordPress sites** is facing active exploitation of **CVE-2026-8181**, a critical **authentication bypass** that can let unauthenticated attackers imperso...

SAP Commerce Cloud missing authentication check remote code execution flaw (CVE-2026-34263)

Vulnerability
First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **CVE-2026-34263** is a critical **SAP Commerce Cloud** flaw that can let **unauthenticated attackers** execute code on vulnerable servers. The weakness is a **missing authenticat...

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

Timeline

  1. 12.02.2026 23:34 3 articles · 3mo ago

    Hacktron discloses CVE-2026-1731 in BeyondTrust appliances

    Technical Analysis Update

    Hacktron discovered CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access appliances and responsibly disclosed it to BeyondTrust on January 31. Hacktron reported roughly 11,000 Remote Support instances exposed online and about 8,500 on-premises deployments.

  2. 12.02.2026 23:34 1 article · 3mo ago

    BeyondTrust patches SaaS instances for CVE-2026-1731

    Mitigation Patch Update

    BeyondTrust automatically patched all Remote Support and Privileged Remote Access SaaS instances on February 2, 2026, while self-hosted customers of the affected appliances still had to install patches manually.

  3. 12.02.2026 23:34 1 article · 3mo ago

    BeyondTrust publicly warns on CVE-2026-1731

    Initial Disclosure

    BeyondTrust disclosed CVE-2026-1731 on February 6, warning that unauthenticated attackers could trigger a critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and older Privileged Remote Access versions by sending specially crafted client requests.

  4. 12.02.2026 23:34 2 articles · 3mo ago

    watchTowr reports first exploitation of exposed BeyondTrust portals

    Exploitation Observed

    watchTowr reported first in-the-wild exploitation of exposed BeyondTrust portals on February 12, 2026, saying attackers were abusing /get_portal_info to extract the X-Ns-Company value before establishing a WebSocket channel and executing commands on vulnerable systems.