BeyondTrust RS Injection Vulnerability

On February 6, BeyondTrust issued a security advisory for the BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability (CVE-2026-1731). This critical vulnerability (CVSS score of 9.9) may be triggered through specially crafted client requests. Successful exploitation could allow an unauthenticated remote threat actor to execute operating system commands in the context of the user and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. Additional observed activity includes network reconnaissance and account creation, webshell deployment, command-and-control (C2) traffic, backdoor and remote management tool deployment, lateral movement, and data theft. Threat actors are actively exploiting this vulnerability against organizations in multiple sectors and industries, including financial services, legal services, technology, education, wholesale and retail, and healthcare.

The NJCCIC received reports of organizations impacted by this vulnerability, resulting in unauthorized access, service disruption, and ransomware. We recommend organizations, including third-party vendors, review the BeyondTrust security advisory for additional information and mitigations, and patch immediately after appropriate testing.