BeyondTrust Vulnerability Exploited by Hackers Within 24 Hours of Proof-of-Concept Release
A recently patched vulnerability in BeyondTrust’s Remote Support and Privileged Remote Access products has been targeted by hackers within 24 hours of a proof-of-concept exploit being made public. The vulnerability, tracked as CVE-2026-1731, allows for unauthenticated remote code execution using specially crafted requests.
Vulnerability Details
BeyondTrust released patches for the vulnerability on February 6, after researchers at Hacktron AI discovered the issue in late January. At the time, Hacktron warned that approximately 11,000 instances of the affected products were exposed to the internet, including 8,500 on-premises deployments that may have been vulnerable to attacks.
Hacktron noted that the potential impact of the vulnerability is significant, given the widespread use of BeyondTrust’s products in enterprise environments for remote access and privileged session management.
Exploitation Attempts
A proof-of-concept exploit for CVE-2026-1731 was released on February 10, and threat intelligence firm GreyNoise began seeing attack attempts within 24 hours. GreyNoise observed attacks originating from multiple IP addresses, with one IP accounting for 86% of reconnaissance activity. This IP is associated with a commercial VPN service hosted in Frankfurt and has been an active scanner in GreyNoise’s data since 2023.
GreyNoise reported that the IP address in question belongs not to a new actor but to an established scanning operation that rapidly added CVE-2026-1731 checks to its toolkit. The firm also noted that some of the IPs targeting CVE-2026-1731 were previously observed attempting to exploit vulnerabilities in SonicWall, MOVEit, Apache, and Sophos products, as well as trying to access systems using brute force and default credentials.
Industry Confirmation
Other security firms, including WatchTowr and Defused, have confirmed in-the-wild exploitation attempts of CVE-2026-1731. GreyNoise also reported that the vulnerability was still being targeted by malicious hackers as recently as January 2026, despite its initial exploitation being observed in 2024.
Conclusion
The rapid exploitation of CVE-2026-1731 highlights the importance of prompt patching and vigilance in defending against emerging threats. As threat actors continue to evolve and adapt, organizations must prioritize proactive security measures to stay ahead of potential attacks.
