CISA updates KEV entry for CVE-2026-1731
Public Sector Action
Summary
Hide ▲
Show ▼
CISA updated its KEV catalog entry for CVE-2026-1731, confirming the flaw has been used in ransomware campaigns and elevating its government-tracked risk. The update matters because it turns ongoing exploitation into an explicit federal signal for defenders monitoring this vulnerability. It also links the issue to a broader wave of real-world abuse against BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA).
Related Happenings
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch Release
H score38
First: 07.07.2026 08:16
Last: 07.07.2026 08:16
Sources 1
About this happening:
**BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch ReleaseAbout this happening: **BeyondTrust** released **RS 25.3.3** and **PRA 25.3.3** to fix **four critical vulnerabilities** in its remote-access appliances, including **pre-authentication access-control b...
Ubiquiti UniFi OS actively exploited access control bypass, traversal, and RCE flaws (multiple vulnerabilities)
Vulnerability
H score43
First: 24.06.2026 17:35
Last: 24.06.2026 17:35
Sources 1
About this happening:
**Ubiquiti UniFi OS** now has **three actively exploited CVEs** that can let attackers make unauthorized changes, expose sensitive files, and reach **remote code execution** on vu...
Ubiquiti UniFi OS actively exploited access control bypass, traversal, and RCE flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **Ubiquiti UniFi OS** now has **three actively exploited CVEs** that can let attackers make unauthorized changes, expose sensitive files, and reach **remote code execution** on vu...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
Vulnerability
H score46
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
VulnerabilityAbout this happening: **CVE-2026-48558** is a **critical authentication bypass** in **SimpleHelp RMM** that affects **OIDC authentication** and can let an unauthenticated attacker forge a token and obt...
Splunk Enterprise security update for CVE-2026-20253
Security Patch Release
H score52
First: 13.06.2026 16:23
Last: 13.06.2026 16:23
Sources 1
About this happening:
**Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
Splunk Enterprise security update for CVE-2026-20253
Security Patch ReleaseAbout this happening: **Splunk** released **security updates** for **CVE-2026-20253**, fixing a critical **Splunk Enterprise** flaw that could enable unauthenticated file operations and **remote code e...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation Wave
H score18
First: 01.06.2026 11:30
Last: 01.06.2026 11:30
Sources 1
About this happening:
A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
PAN-OS GlobalProtect CVE-2026-0257 exploitation wave
Exploitation WaveAbout this happening: A **CVE-2026-0257** exploitation wave is hitting **Palo Alto Networks PAN-OS GlobalProtect** appliances, creating **unauthorized VPN access** risk for **multiple customers**. **Ra...
Timeline
-
20.02.2026 17:45 2 articles · 4mo ago
CISA updates KEV entry for CVE-2026-1731
Industry Or Public Sector UpdateCISA updates its Known Exploited Vulnerabilities (KEV) catalog entry for CVE-2026-1731 affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), confirming that the flaw has been exploited in ransomware campaigns and placing the issue under formal government tracking.
Show sources
- BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration — thehackernews.com — 20.02.2026 17:45
- BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration — thehackernews.com — 20.02.2026 17:45