Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CISA KEV mitigation for BeyondTrust CVE-2026-1731

Advisory/Mitigation
First reported
Last updated
Happening score
H score 59
1 unique sources, 1 articles

Summary

Hide ▲

CISA ordered urgent KEV mitigation for CVE-2026-1731 in BeyondTrust Remote Support and Privileged Remote Access, forcing affected federal deployments to apply the patch or stop using the product within three days. The directive reflects active exploitation risk and turns the flaw into a mandatory remediation item. BeyondTrust customers running self-hosted systems must still verify or install the update, while the SaaS service was patched automatically.

Cases

BeyondTrust CVE-2026-1731 exploitation and remediation (3)

Related Happenings

Exim security patch release for CVE-2026-45185

Security Patch Release
First: 13.05.2026 23:23 Last: 13.05.2026 23:23 Sources 1

About this happening: **Exim** released **version 4.99.3** to fix **CVE-2026-45185**, closing a **remote-code-execution risk** in affected mail servers. The patch applies to **Exim versions before 4.99...

Open Happening

SAP Commerce Cloud missing authentication check remote code execution flaw (CVE-2026-34263)

Vulnerability
First: 12.05.2026 14:04 Last: 12.05.2026 14:04 Sources 1

About this happening: **CVE-2026-34263** is a critical **SAP Commerce Cloud** flaw that can let **unauthenticated attackers** execute code on vulnerable servers. The weakness is a **missing authenticat...

Open Happening

Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821

Security Patch Release
First: 07.05.2026 18:20 Last: 07.05.2026 18:20 Sources 1

About this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...

Latest development: 07.05.2026 20:55

Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.

Open Happening

Ivanti EPMM zero-day remote code execution (CVE-2026-6973)

Vulnerability
First: 07.05.2026 18:20 Last: 07.05.2026 18:20 Sources 1

About this happening: Ivanti's disclosure of **CVE-2026-6973** puts **Endpoint Manager Mobile (EPMM)** customers on alert for a **zero-day remote code execution** flaw that can let authenticated admins...

Latest development: 07.05.2026 20:55

The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-6973 to its Known Exploited Vulnerabilities (KEV) catalog and required Federal Civilian Executive Branch agencies to apply the fixes by May 10, 2026.

Open Happening

CISA KEV listing and FCEB firewall directive for CVE-2026-0300

Public Sector Action
First: 07.05.2026 13:57 Last: 07.05.2026 13:57 Sources 1

About this happening: **CISA** added **CVE-2026-0300** to the **KEV Catalog** and ordered **FCEB agencies** to secure vulnerable firewalls by **May 9, 2026**. The federal directive makes the exploited...

Open Happening

Timeline

  1. 20.02.2026 19:02 1 articles · 3mo ago

    Exploitation first detected in BeyondTrust Remote Support

    Exploitation Observed

    Anomalous activity on a single BeyondTrust Remote Support appliance was linked to exploitation of CVE-2026-1731, with the first detected abuse dated January 31 before public disclosure of the flaw.

    Show sources
    Open in new tab
  2. 20.02.2026 19:02 1 articles · 3mo ago

    SaaS patch applied automatically for BeyondTrust Remote Support

    Mitigation Patch Update

    BeyondTrust's cloud-based Remote Support service had the CVE-2026-1731 patch applied automatically on February 2, removing the need for manual action by SaaS customers.

    Show sources
    Open in new tab
  3. 20.02.2026 19:02 1 articles · 3mo ago

    BeyondTrust discloses CVE-2026-1731

    Initial Disclosure

    BeyondTrust publicly disclosed CVE-2026-1731 as a pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access, caused by an OS command injection weakness reachable through specially crafted client requests.

    Show sources
    Open in new tab
  4. 20.02.2026 19:02 2 articles · 3mo ago

    CISA adds CVE-2026-1731 to KEV and imposes a three-day deadline

    Legal Policy Action Update

    The U.S. Cybersecurity and Infrastructure Security Agency added CVE-2026-1731 to the Known Exploited Vulnerabilities (KEV) catalog and directed federal agencies to apply the patch or stop using affected BeyondTrust Remote Support and Privileged Remote Access deployments within three days.

    Show sources
    Open in new tab