EXECUTIVE SUMMARY
The Cybersecurity and Infrastructure Security Agency (CISA) have issued a warning that a critical remote code execution (RCE) vulnerability (CVE-2026-1731) in BeyondTrust products is now being actively exploited in ransomware attacks. The flaw allows attackers to remotely execute arbitrary code on vulnerable systems, leading to full compromise.
Threat actors are leveraging this vulnerability as an initial access vector to deploy ransomware, escalate privileges, and move laterally within victim networks. Due to the widespread deployment of BeyondTrust solutions in enterprise and government environments, successful exploitation presents a high-impact risk to affected organizations.
- CVE: CVE-2026-1731
- CVSS: 9.8
- Active Region: Global
- Affected Sector: Multiple sectors
- Affected Product: BeyondTrust Privileged Access Management Solutions
- Severity: Critical
- Published Date: February 21, 2026
TECHNICAL DETAILS
- Vulnerability Overview: The vulnerability enables unauthenticated or low-privileged remote code execution in affected BeyondTrust products.
- Attack Vector: The flaw can be exploited remotely over the network if the affected service is exposed. No user interaction is required for successful exploitation.
- Exploitation in Ransomware Campaigns: Threat actors are exploiting the flaw to……
