
"BeyondTrust announced patches for CVE-2026-1731 on February 6, the same day Hacktron AI, whose researchers discovered the issue in late January, warned that roughly 11,000 instances had been exposed to the internet, including approximately 8,500 on-prem deployments that may have been vulnerable to attacks. 'Given that BeyondTrust Remote Support and Privileged Remote Access are widely deployed in enterprise environments for remote access and privileged session management, the potential blast radius of this vulnerability is significant,' Hacktron said."
"A PoC exploit for CVE-2026-1731 was made public on February 10 and threat intelligence firm GreyNoise started seeing attack attempts within 24 hours. The security company has observed attacks originating from multiple IP addresses, but one IP accounts for 86% of reconnaissance activity. '[The IP is] associated with a commercial VPN service hosted by a provider in Frankfurt and has been an active scanner in our data since 2023,' GreyNoise explained."
CVE-2026-1731 is a critical vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) that allows unauthenticated remote code execution via specially crafted requests. BeyondTrust released patches on February 6. Hacktron AI reported roughly 11,000 internet-exposed instances, including about 8,500 on-prem deployments potentially at risk. A public PoC appeared on February 10, and GreyNoise observed attack attempts within 24 hours. GreyNoise saw probing from multiple IP addresses; a single IP, linked to a commercial VPN service hosted by a provider in Frankfurt, accounted for 86% of the reconnaissance activity. watchTowr and Defused confirmed in-the-wild exploitation attempts.
Read at SecurityWeek