{"id":215760,"date":"2026-02-20T12:02:00","date_gmt":"2026-02-20T17:02:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/20\/beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/"},"modified":"2026-02-20T15:55:12","modified_gmt":"2026-02-20T20:55:12","slug":"beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/20\/beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/","title":{"rendered":"BeyondTrust RCE flaw now exploited in ransomware attacks"},"content":{"rendered":"<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/\">BeyondTrust RCE flaw now exploited in ransomware attacks<\/a><\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/\">https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/<\/a><\/p>\n<p>Publish Date: 2026-02-20 12:02:00<\/p>\n<p>Source Domain: <a href=\"www.bleepingcomputer.com\">www.bleepingcomputer.com<\/a><\/p>\n<p>Hackers are actively exploiting the CVE-2026-1731 vulnerability in the BeyondTrust Remote Support product, the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) warns.<\/p>\n<p>The security issue affects BeyondTrust&#8217;s\u00a0Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier, and can be exploited for remote code execution.<\/p>\n<p>CISA added it to the Known Exploited Vulnerabilities (KEV) catalog on February 13\u00a0and gave\u00a0federal agencies just three days to apply the patch or stop using the product.<\/p>\n<p>BeyondTrust initially disclosed\u00a0CVE-2026-1731 on February 6. The\u00a0security advisory\u00a0classified it as a pre-authentication remote code execution vulnerability caused by an OS command injection weakness, exploitable via specially crafted client requests sent to vulnerable endpoints.<\/p>\n<p>Proof-of-concept (PoC) exploits for CVE-2026-1731 became available shortly after, and in-the-wild exploitation started almost immediately.<\/p>\n<p>On February 13, BeyondTrust updated the bulletin to say that exploitation had been detected on January 31, making CVE-2026-1731 a zero-day vulnerability for at least a week.<\/p>\n<p>BeyondTrust states that the report from researcher Harsh Jaiswal and the Hacktron AI team\u00a0confirmed the anomalous activity that they detected on a single Remote Support appliance at the time.<\/p>\n<p>CISA has now activated the \u2018Known To Be Used in Ransomware Campaigns?\u2019 indicator in the KEV catalog.<\/p>\n<p>For customers of the cloud-based application (SaaS), the vendor states the patch was applied automatically on February 2, so no manual intervention is needed.<\/p>\n<p>Customers of the self-hosted instances need to either enable automatic updates and verify that the patch was applied via the &#8216;\/appliance&#8217; interface or manually install it.<\/p>\n<p>For Remote Support, the recommendation is to install 
version 25.3.2. Privileged Remote Access users should switch to version 25.1.1 or newer.<\/p>\n<p>Those still at RS v21.3 and PRA v22.1 are recommended to upgrade to&#8230;<\/p>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BeyondTrust RCE flaw now exploited in ransomware attacks https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-beyondtrust-rce-flaw-now-exploited-in-ransomware-attacks\/ Publish Date: 2026-02-20 12:02:00 Source Domain:&#8230;<\/p>\n","protected":false},"author":1,"featured_media":215761,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.bleepstatic.com\/content\/hl-images\/2026\/02\/16\/BeyondTrust.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,27],"class_list":["post-215760","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215760"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=215760"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215760\/revisions"}],"predecessor-version":[{"id":215762,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/215760\/revisions\/215762"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\
/215761"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=215760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=215760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=215760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}