{"id":216591,"date":"2026-02-23T07:12:00","date_gmt":"2026-02-23T12:12:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/23\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products\/"},"modified":"2026-02-23T11:05:15","modified_gmt":"2026-02-23T16:05:15","slug":"cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/23\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products\/","title":{"rendered":"CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/188370\/hacking\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html\">CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/188370\/hacking\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html\">https:\/\/securityaffairs.com\/188370\/hacking\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-23 07:12:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> February 23, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-16.png?fit=2280%2C1280&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain 
persistence, move laterally, and control compromised systems.<\/h2>\n<p>Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA).<\/p>\n<p>The flaw is being used to conduct a wide range of malicious activities, including deploying VShell and other tools to gain persistence, move laterally, and maintain remote control over compromised systems.<\/p>\n<p>Recently, BeyondTrust released security updates to address the critical flaw in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted requests and run operating system commands remotely, without logging in. The issue, disclosed on February 6, 2026, could lead to full remote code execution if exploited, making the updates essential to prevent abuse.<\/p>\n<p>\u201cBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability.\u201d\u00a0reads the advisory. 
\u201cBy sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u201d<\/p>\n<p>Exploiting the flaw would let a remote attacker run system commands without authentication or user interaction, potentially leading to full system compromise, data theft, and service disruption.<\/p>\n<p>BeyondTrust released patches for CVE-2026-1731 on February 6 after Hacktron researchers\u00a0warned\u00a0that thousands of instances were exposed online.<\/p>\n<p>The Hacktron AI team reported that roughly 11,000 BeyondTrust Remote Support instances are exposed online&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/188370\/hacking\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products https:\/\/securityaffairs.com\/188370\/hacking\/cve-2026-1731-fuels-ongoing-attacks-on-beyondtrust-remote-access-products.html Publish Date: 2026-02-23 07:12:00 
Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":216592,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2026\/02\/image-16.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,27],"class_list":["post-216591","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216591"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=216591"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216591\/revisions"}],"predecessor-version":[{"id":216593,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/216591\/revisions\/216593"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/216592"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=216591"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=216591"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=216591"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}