
Critical Vulnerability in BeyondTrust Solutions Actively Exploited
A critical vulnerability (CVE-2026-1731) affecting Internet-exposed BeyondTrust Remote Support and Privileged Remote Access solutions is being actively exploited following the recent release of a fix. The vulnerability allows remote code execution (RCE). Attackers are targeting the get_portal_info endpoint to extract the x-ns-company value before establishing a WebSocket channel. Rapid7 published a technical analysis and a proof of concept (PoC) on February 10, 2026. Defused Cyber and GreyNoise have detected reconnaissance activity and limited exploitation, and watchTowr has confirmed these attacks. Source: https://www.helpnetsecurity.com/2026/02/13/beyondtrust-cve-2026-1731-poc-exploit-activity/
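For defenders reviewing logs, the sequence described above (a get_portal_info request followed by a WebSocket upgrade from the same client) can be searched for as in the following added example, which is not from the article or from BeyondTrust. It assumes Combined Log Format lines from a reverse proxy or WAF in front of the appliance; the sample lines, paths and addresses are constructed, and only the endpoint name comes from the article.

```python
import re
from datetime import datetime, timedelta

# Combined Log Format (assumption: logs from a proxy/WAF in front of the appliance).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
PROBE_MARKER = "get_portal_info"   # endpoint name taken from the article
WS_UPGRADE_STATUS = 101            # HTTP 101 Switching Protocols

def parse(line):
    """Return (ip, timestamp, path, status), or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m["ip"], datetime.strptime(m["ts"], TS_FORMAT), m["path"], int(m["status"])

def find_probe_then_websocket(lines, window=timedelta(minutes=5)):
    """Return (ip, probe_time, upgrade_time) for each client whose
    get_portal_info request is followed by a WebSocket upgrade within window."""
    events = sorted(filter(None, map(parse, lines)), key=lambda e: e[1])
    last_probe = {}   # ip -> time of that client's most recent probe
    hits = []
    for ip, ts, path, status in events:
        if PROBE_MARKER in path:
            last_probe[ip] = ts
        elif status == WS_UPGRADE_STATUS and ip in last_probe:
            if ts - last_probe[ip] <= window:
                hits.append((ip, last_probe[ip], ts))
            del last_probe[ip]
    return hits

# Constructed sample lines: documentation IP ranges, placeholder paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Feb/2026:10:15:32 +0000] "GET /get_portal_info HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.20 - - [12/Feb/2026:10:15:40 +0000] "GET /ws-placeholder HTTP/1.1" 101 0 "-" "-"',
    '203.0.113.7 - - [12/Feb/2026:10:15:41 +0000] "GET /ws-placeholder HTTP/1.1" 101 0 "-" "-"',
    '192.0.2.55 - - [12/Feb/2026:10:20:00 +0000] "GET /get_portal_info HTTP/1.1" 200 412 "-" "-"',
    '192.0.2.55 - - [12/Feb/2026:11:45:00 +0000] "GET /ws-placeholder HTTP/1.1" 101 0 "-" "-"',
    'not a log line',
]

if __name__ == "__main__":
    for ip, probe, upgrade in find_probe_then_websocket(SAMPLE_LOG):
        print(f"{ip}: probe {probe.isoformat()} -> upgrade {upgrade.isoformat()}")
```

Hits are triage candidates rather than confirmed exploitation: compare the source addresses against known support and administrator networks before escalating.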