Find notable cyber news and cases, enriched with sources, timelines, and signals.

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First reported
Last updated
Happening score
H score 46
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered urgent KEV mitigation for CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access, forcing affected federal deployments to apply the patch or stop using the product within three days. The directive reflects active exploitation risk and turns the flaw into a mandatory remediation item. BeyondTrust customers running self-hosted systems must still verify or install the update, while the SaaS service was patched automatically.

Cases

Related Happenings

BeyondTrust Remote Support and Privileged Remote Access critical fixes

Security Patch Release
H score38 First: 07.07.2026 08:16 Last: 07.07.2026 08:16 Sources 1

About this happening: **BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...

Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)

Vulnerability
H score31 First: 22.06.2026 19:13 Last: 22.06.2026 19:13 Sources 1

About this happening: Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...

SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)

Vulnerability
H score46 First: 15.06.2026 23:06 Last: 15.06.2026 23:06 Sources 1

About this happening: **CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...

Exim security patch release for CVE-2026-45185

Security Patch Release
H score21 First: 13.05.2026 23:23 Last: 13.05.2026 23:23 Sources 1

About this happening: **Exim** released **version 4.99.3** to fix **CVE-2026-45185**, closing a **remote-code-execution risk** in affected mail servers. The patch applies to **Exim versions before 4.99...

SAP Commerce Cloud missing authentication check remote code execution flaw (CVE-2026-34263)

Vulnerability
H score34 First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **CVE-2026-34263** is a critical **SAP Commerce Cloud** flaw that can let **unauthenticated attackers** execute code on vulnerable servers. The weakness is a **missing authenticat...

Timeline

  1. 20.02.2026 19:02 1 articles · 4mo ago

    Exploitation first detected in BeyondTrust Remote Support

    Exploitation Observed

    Anomalous activity on a single BeyondTrust Remote Support appliance was linked to exploitation of CVE-2026-1731, with the first detected abuse dated January 31 before public disclosure of the flaw.

    Show sources
  2. 20.02.2026 19:02 1 articles · 4mo ago

    SaaS patch applied automatically for BeyondTrust Remote Support

    Mitigation Patch Update

    BeyondTrust's cloud-based Remote Support service had the CVE-2026-1731 patch applied automatically on February 2, removing the need for manual action by SaaS customers.

    Show sources
  3. 20.02.2026 19:02 1 articles · 4mo ago

    BeyondTrust discloses CVE-2026-1731

    Initial Disclosure

    BeyondTrust publicly disclosed CVE-2026-1731 as a pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access, caused by an OS command injection weakness reachable through specially crafted client requests.

    Show sources
  4. 20.02.2026 19:02 2 articles · 4mo ago

    CISA adds CVE-2026-1731 to KEV and imposes a three-day deadline

    Legal Policy Action Update

    The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-1731 to the Known Exploited Vulnerabilities (KEV) catalog and directed federal agencies to apply the patch or stop using affected BeyondTrust Remote Support and Privileged Remote Access deployments within three days.

    Show sources