Threat Actor Reconnaissance Targets BeyondTrust RCE (CVE‑2026‑1731) Before Exploit Release
GreyNoise researchers have identified a wave of coordinated scans aimed at systems running BeyondTrust’s privileged access management service. The activity is focused on locating instances vulnerable to CVE‑2026‑1731, a newly disclosed remote code execution flaw. Attackers appear to be building an inventory of susceptible assets ahead of any publicly released exploit, indicating an organized pre‑exploitation phase.
CVE‑2026‑1731 allows an adversary to execute arbitrary code with the privileges of the PAM service, effectively granting administrative control over the compromised host. Defenders should prioritize detection of these reconnaissance patterns, verify patch status, and apply mitigations such as network segmentation and strict access controls to reduce the attack surface before a functional exploit emerges.
Categories: Vulnerabilities & Exploits, Malware & Ransomware, AI Security & Threats