CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
Publish Date: 2026-02-16 07:33:00
Source Domain: www.bleepingcomputer.com
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days.
BeyondTrust provides identity security services to more than 20,000 customers across over 100 countries, including government agencies and 75% of Fortune 100 companies worldwide.
Tracked as CVE-2026-1731, this remote code execution vulnerability stems from an OS command injection weakness and affects BeyondTrust’s Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier.
While BeyondTrust patched all Remote Support and Privileged Remote Access SaaS instances on February 2, 2026, on-premise customers must install patches manually.
“Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user,” BeyondTrust said when it patched the vulnerability on February 6. “Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.”
Hacktron, who discovered the vulnerability and responsibly disclosed it to BeyondTrust on January 31, warned that approximately 11,000 BeyondTrust Remote Support instances were exposed online, around 8,500 of them being on-premises deployments.
On Thursday, six days after BeyondTrust released CVE-2026-1731 security patches, watchTowr head of threat intelligence Ryan Dewhurst reported that attackers are now actively exploiting the security flaw, warning admins that unpatched devices should be assumed to be compromised.
Federal agencies ordered to patch immediately
One day later, CISA confirmed Dewhurst’s report, added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, and ordered Federal Civilian Executive Branch (FCEB) agencies to secure their…
