CISA Orders Federal Agencies to Patch BeyondTrust Vulnerability Within 72 Hours


US Agencies Directed to Patch Critical Vulnerability in BeyondTrust’s Remote Support Software

The US Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to patch a critical vulnerability in BeyondTrust’s Remote Support software within three days.

Vulnerability Details

The vulnerability, tracked as CVE-2026-1731, is a remote code execution flaw that stems from an OS command injection weakness. It affects versions 25.3.1 or earlier of Remote Support and 24.3.4 or earlier of Privileged Remote Access.

According to Hacktron, the researcher who discovered the vulnerability, approximately 11,000 BeyondTrust Remote Support instances were exposed online, with around 8,500 being on-premises deployments.

Exploitation and Patching

Following the release of security patches, attackers began actively exploiting the vulnerability, prompting CISA to add it to its Known Exploited Vulnerabilities (KEV) catalog. BeyondTrust patched the vulnerability on February 2, 2026, for all SaaS instances, but on-premises customers must apply the patches manually.

CISA’s Warning

CISA ordered Federal Civilian Executive Branch agencies to secure their BeyondTrust instances by the end of February 16, as mandated by Binding Operational Directive (BOD) 22-01. The agency warned that these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Previous Incidents

This is not the first time BeyondTrust security flaws have been exploited to compromise US government agencies. In a previous incident, the US Treasury Department’s network was hacked by Silk Typhoon, a Chinese state-backed cyberespionage group, which exploited two zero-day bugs to breach BeyondTrust’s systems and compromise 17 Remote Support SaaS instances.

The Silk Typhoon group has also targeted other US government agencies, including the Office of Foreign Assets Control and the Committee on Foreign Investment in the United States.

Importance of Patching

CISA’s warning serves as a reminder of the importance of prompt patching and mitigation of known vulnerabilities to prevent exploitation by malicious actors.
