Summary: CISA has added CVE-2026-1731 to its Known Exploited Vulnerabilities (KEV) catalog. This critical OS command injection vulnerability affects BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). Attackers are actively exploiting this to gain full system-level control over the very appliances designed to secure administrative access.
Business Impact: Critical Access Risk. A compromise of your Privileged Access Management (PAM) tool is a “worst-case scenario.” Attackers can use this to harvest administrative credentials and move laterally throughout the entire corporate network with total invisibility.
Why It Happened: Insecure input handling in the management interface allowed unauthenticated users to inject commands that the operating system executed with root-level privileges.
Recommended Executive Action: Patch Immediately. BeyondTrust has released emergency updates. If you cannot patch today, isolate the management interface of the appliance from the public internet and audit logs for any unauthorized “SYSTEM” level executions.
Hashtags: #CISA #KEV #BeyondTrust #PAM #PrivilegeEscalation #Infosec #PatchNow