vulnerability🌐InternationalBleepingComputer
CISA Mandates Urgent Patch for Actively Exploited BeyondTrust RCE Flaw
Monday, February 16, 2026
What
CISA issued a directive for federal agencies to immediately patch a critical BeyondTrust Remote Support vulnerability, CVE-2026-1731, which is being actively exploited in the wild. This flaw, an OS command injection, allows unauthenticated remote code execution, making it a severe threat to sensitive government infrastructure.
Where
U.S. Federal Civilian Executive Branch (FCEB) agencies and other BeyondTrust customers globally, including Fortune 100 companies, are affected.
When
Vulnerability discovered January 31, 2026; patches released February 2-6, 2026; active exploitation reported February 13, 2026; CISA directive issued February 14, 2026.
Key Factors
- •The vulnerability, CVE-2026-1731, is an OS command injection flaw in BeyondTrust Remote Support and Privileged Remote Access, enabling unauthenticated remote code execution.
- •CISA added this flaw to its Known Exploited Vulnerabilities (KEV) catalog and mandated federal agencies patch within three days due to active exploitation by attackers.
- •While SaaS instances were patched automatically, on-premise deployments, which constitute a significant portion of exposed instances, require manual patching by customers.
Takeaways
- →Organizations using BeyondTrust Remote Support or Privileged Remote Access on-premise must immediately apply vendor-provided patches for CVE-2026-1731.
- →Given the history of BeyondTrust vulnerabilities being exploited by sophisticated actors against government entities, proactive vulnerability management and rapid patching are crucial for critical infrastructure.
Read Full Article
Opens original article on BleepingComputer
