CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
Summary
Hide ▲
Show ▼
CISA ordered urgent KEV mitigation for CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access, forcing affected federal deployments to apply the patch or stop using the product within three days. The directive reflects active exploitation risk and turns the flaw into a mandatory remediation item. BeyondTrust customers running self-hosted systems must still verify or install the update, while the SaaS service was patched automatically.
Cases
Related Happenings
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch Release
H score38
First: 07.07.2026 08:16
Last: 07.07.2026 08:16
Sources 1
About this happening:
**BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch ReleaseAbout this happening: **BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)
Vulnerability
H score31
First: 22.06.2026 19:13
Last: 22.06.2026 19:13
Sources 1
About this happening:
Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...
Dify cross-tenant auth bypass vulnerabilities multiple vulnerabilities path traversal flaw (CVE-2026-41948)
VulnerabilityAbout this happening: Researchers disclosed **four Dify vulnerabilities** that exposed **cross-tenant AI chats, documents, and internal API access** on the platform's multi-tenant cloud service. Three...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
Vulnerability
H score46
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
VulnerabilityAbout this happening: **CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
Exim security patch release for CVE-2026-45185
Security Patch Release
H score21
First: 13.05.2026 23:23
Last: 13.05.2026 23:23
Sources 1
About this happening:
**Exim** released **version 4.99.3** to fix **CVE-2026-45185**, closing a **remote-code-execution risk** in affected mail servers. The patch applies to **Exim versions before 4.99...
Exim security patch release for CVE-2026-45185
Security Patch ReleaseAbout this happening: **Exim** released **version 4.99.3** to fix **CVE-2026-45185**, closing a **remote-code-execution risk** in affected mail servers. The patch applies to **Exim versions before 4.99...
SAP Commerce Cloud missing authentication check remote code execution flaw (CVE-2026-34263)
Vulnerability
H score34
First: 12.05.2026 14:04
Last: 12.05.2026 14:04
Sources 1
About this happening:
**CVE-2026-34263** is a critical **SAP Commerce Cloud** flaw that can let **unauthenticated attackers** execute code on vulnerable servers. The weakness is a **missing authenticat...
SAP Commerce Cloud missing authentication check remote code execution flaw (CVE-2026-34263)
VulnerabilityAbout this happening: **CVE-2026-34263** is a critical **SAP Commerce Cloud** flaw that can let **unauthenticated attackers** execute code on vulnerable servers. The weakness is a **missing authenticat...
Timeline
-
20.02.2026 19:02 1 articles · 4mo ago
Exploitation first detected in BeyondTrust Remote Support
Exploitation ObservedAnomalous activity on a single BeyondTrust Remote Support appliance was linked to exploitation of CVE-2026-1731, with the first detected abuse dated January 31 before public disclosure of the flaw.
Show sources
- CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — www.bleepingcomputer.com — 20.02.2026 19:02
-
20.02.2026 19:02 1 articles · 4mo ago
SaaS patch applied automatically for BeyondTrust Remote Support
Mitigation Patch UpdateBeyondTrust's cloud-based Remote Support service had the CVE-2026-1731 patch applied automatically on February 2, removing the need for manual action by SaaS customers.
Show sources
- CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — www.bleepingcomputer.com — 20.02.2026 19:02
-
20.02.2026 19:02 1 articles · 4mo ago
BeyondTrust discloses CVE-2026-1731
Initial DisclosureBeyondTrust publicly disclosed CVE-2026-1731 as a pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access, caused by an OS command injection weakness reachable through specially crafted client requests.
Show sources
- CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — www.bleepingcomputer.com — 20.02.2026 19:02
-
20.02.2026 19:02 2 articles · 4mo ago
CISA adds CVE-2026-1731 to KEV and imposes a three-day deadline
Legal Policy Action UpdateThe U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-1731 to the Known Exploited Vulnerabilities (KEV) catalog and directed federal agencies to apply the patch or stop using affected BeyondTrust Remote Support and Privileged Remote Access deployments within three days.
Show sources
- CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — www.bleepingcomputer.com — 20.02.2026 19:02
- CISA: BeyondTrust RCE flaw now exploited in ransomware attacks — www.bleepingcomputer.com — 20.02.2026 19:02