Spike in Recon Targets BeyondTrust RCE CVE‑2026‑1731 Signals Imminent Attack
GreyNoise observed a sharp increase in reconnaissance traffic aimed at BeyondTrust’s remote administration suite. Multiple external IPs are probing for the CVE‑2026‑1731 vulnerability by sending crafted requests to the privileged access manager’s service ports, attempting to identify unpatched installations that could be abused for remote code execution.
The flaw grants attackers the ability to run arbitrary code with SYSTEM/Administrator privileges, giving them footholds to compromise entire enterprise networks that rely on BeyondTrust for privileged access management. Defenders should prioritize patching affected products, enable multi‑factor authentication for privileged accounts, and deploy detection rules for the known exploit patterns to block or alert on these scans before they evolve into active exploitation.
Categories: Vulnerabilities & Exploits, AI Security & Threats, Threat Intelligence