CISA Warns of BeyondTrust RCE Vulnerability Exploitation in Ransomware Attacks


BeyondTrust’s Remote Support Vulnerability Actively Exploited in Ransomware Attacks

A critical vulnerability in BeyondTrust’s Remote Support product is being actively exploited by hackers in ransomware attacks, according to a warning from the US Cybersecurity and Infrastructure Security Agency (CISA).

Vulnerability Details

The flaw, tracked as CVE-2026-1731, affects versions 25.3.1 and earlier of Remote Support, as well as versions 24.3.4 and earlier of Privileged Remote Access.

CISA added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog on February 13, giving federal agencies just three days to apply the patch or discontinue use of the product.

The vulnerability was initially disclosed by BeyondTrust on February 6, and is classified as a pre-authentication remote code execution vulnerability caused by an OS command injection weakness.

Exploitation and Patching

Proof-of-concept exploits for the vulnerability became available shortly after its disclosure, and in-the-wild exploitation began almost immediately. BeyondTrust confirmed that exploitation was detected on January 31, making CVE-2026-1731 a zero-day vulnerability for at least a week.

The company credits researcher Harsh Jaiswal and the Hacktron AI team with reporting the anomalous activity.

CISA has activated the "Known To Be Used in Ransomware Campaigns" indicator in the KEV catalog, highlighting the severity of the threat.

For customers of the cloud-based application, the patch was applied automatically on February 2, and no manual intervention is required. However, customers of self-hosted instances must either enable automatic updates and verify the patch was applied, or manually install it.

Remediation

To remediate the vulnerability, Remote Support users should install version 25.3.2, while Privileged Remote Access users should switch to version 25.1.1 or newer. Users still running older versions, including RS v21.3 and PRA v22.1, are advised to take immediate action to update their software.
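As an added example (not code from BeyondTrust or CISA), the following script triages an asset inventory against the version ranges stated above. The host names, the inventory rows and the "verify" status for versions the article does not mention are assumptions made for illustration.

```python
import re

# Thresholds taken from the article text for CVE-2026-1731.
RANGES = {
    "RS":  {"last_affected": (25, 3, 1), "first_fixed": (25, 3, 2)},
    "PRA": {"last_affected": (24, 3, 4), "first_fixed": (25, 1, 1)},
}

def parse_version(text):
    """Turn 'v21.3' or '25.3.1' into a 3-tuple, padding missing parts with 0."""
    m = re.fullmatch(r"\s*[vV]?(\d+(?:\.\d+){0,2})\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version_text):
    """Return 'affected', 'fixed', or 'verify' for one installation."""
    bounds = RANGES[product.upper()]
    version = parse_version(version_text)
    if version <= bounds["last_affected"]:
        return "affected"
    if version >= bounds["first_fixed"]:
        return "fixed"
    # Between the two bounds the article makes no statement: check the vendor advisory.
    return "verify"

def triage(inventory):
    """Map each (host, product, version) row to a status; bad rows become 'verify'."""
    results = {}
    for host, product, version in inventory:
        try:
            results[host] = classify(product, version)
        except (KeyError, ValueError):
            results[host] = "verify"
    return results

# Constructed inventory of self-hosted appliances (hypothetical hosts and versions).
SAMPLE_INVENTORY = [
    ("rs-01.example.internal", "RS", "25.3.1"),
    ("rs-02.example.internal", "RS", "25.3.2"),
    ("rs-old.example.internal", "RS", "v21.3"),
    ("pra-02.example.internal", "PRA", "25.1.0"),
    ("lab-01.example.internal", "RS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{status:8} {host}")
```

Rows that come back as "verify" have an unparseable version or one that falls between the stated affected and fixed releases, so they need a manual check rather than being assumed safe.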

The exploitation of CVE-2026-1731 in ransomware attacks highlights the importance of timely patching and vulnerability management. Organizations using affected versions of BeyondTrust’s Remote Support product should prioritize remediation to prevent potential attacks.


