BeyondTrust CVE-2026-1731 exploited in the wild; urgent patching and KEV updates

Threat actors are actively exploiting BeyondTrust CVE-2026-1731 (CVSS 9.9) in the wild. The attacks abuse get_portal_info to harvest the x-ns-company value before WebSocket setup, enabling unauthenticated remote code execution. BeyondTrust notes that PRA v25.1+ does not require patching, while RS requires the BT26-02-RS patch (v21.3–25.3.1) and PRA requires the BT26-02-PRA patch (v22.1–24.X). watchTowr, GreyNoise/Defused Cyber, and Arctic Wolf report rapid activity and persistence attempts using SimpleHelp and PsExec. CISA added CVE-2026-1731 to KEV with federal patch deadlines by Feb 16, 2026; KEV also lists other flaws (CVE-2026-20700, CVE-2025-15556, CVE-2025-40536, CVE-2024-43468).
- Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability (The Hacker News)
- BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release (SecurityWeek)
- Reconnaissance Has Begun for the New BeyondTrust RCE (CVE-2026-1731): Here's What We See So Far (GreyNoise)
- BeyondTrust warns of critical RCE flaw in remote support software (BleepingComputer)
- Critical BeyondTrust RS vulnerability exploited in active attacks (csoonline.com)