Critical BeyondTrust Flaw Gives Attackers Full Domain Control

Critical CVE-2026-1731 flaw in BeyondTrust systems allows domain takeover. Patch immediately to prevent severe security breaches.
Content Team

Attackers are actively exploiting CVE-2026-1731, a critical vulnerability in BeyondTrust's self-hosted systems that allows complete domain takeover without authentication. The flaw, rated 9.8 on the CVSS scale, lets attackers execute operating system commands remotely through crafted HTTP requests.

Threat actors are deploying SimpleHelp remote access tools and creating privileged domain accounts with Enterprise Admin rights. Arctic Wolf researchers found attackers using reconnaissance commands to map Active Directory networks before spreading across multiple hosts via PsExec and Impacket tools.

Cloud customers received automatic patches on February 2, 2026, but self-hosted users running Remote Support 25.3.1 or Privileged Remote Access 24.3.4 must manually apply updates immediately. CISA warns that older versions must be upgraded before the patch can be applied.
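For defenders checking whether the post-exploitation activity described above has already occurred, the following is an added hunting example, not code from BeyondTrust, Arctic Wolf or CISA. It assumes Windows events have already been exported and normalized into dictionaries; the field names, host names and account names are constructed for illustration, while the event IDs (4720, 4728, 4732, 4756, 7045) and the default PsExec service name PSEXESVC are standard Windows values.

```python
from datetime import datetime, timedelta

GROUP_ADD_IDS = {4728, 4732, 4756}  # member added to global/local/universal security group
WATCHED_GROUP = "enterprise admins"

# Constructed, pre-normalized sample events (not taken from the article).
EVENTS = [
    {"time": "2026-02-10T03:12:05", "id": 4720, "host": "DC01", "account": "helpdesk_svc"},
    {"time": "2026-02-10T03:13:40", "id": 4756, "host": "DC01",
     "account": "helpdesk_svc", "group": "Enterprise Admins"},
    {"time": "2026-02-10T03:20:11", "id": 7045, "host": "FS01", "service": "PSEXESVC"},
    {"time": "2026-02-10T03:21:02", "id": 7045, "host": "SQL02", "service": "PSEXESVC"},
    {"time": "2026-02-10T09:00:00", "id": 4756, "host": "DC01",
     "account": "alice.admin", "group": "Enterprise Admins"},
    {"time": "2026-02-10T09:05:00", "id": 7045, "host": "WS07", "service": "PrintSpoolerHelper"},
]

def hunt(events, window=timedelta(hours=1)):
    """Return (severity, rule, detail) findings for the behaviours described above."""
    created, psexec_hosts, findings = {}, set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["id"] == 4720:  # user account created: remember when
            created[ev["account"].lower()] = ts
        elif ev["id"] in GROUP_ADD_IDS and ev.get("group", "").lower() == WATCHED_GROUP:
            born = created.get(ev["account"].lower())
            if born is not None and ts - born <= window:
                # Account created and promoted within the window: strongest signal.
                findings.append(("critical", "new-account-to-enterprise-admins", ev["account"]))
            else:
                findings.append(("high", "enterprise-admins-member-added", ev["account"]))
        elif ev["id"] == 7045 and ev.get("service", "").upper() == "PSEXESVC":
            psexec_hosts.add(ev["host"])  # service installed under PsExec's default name
            findings.append(("medium", "psexec-service-installed", ev["host"]))
    if len(psexec_hosts) >= 2:  # same tool on several hosts suggests lateral spread
        findings.append(("high", "psexec-multi-host", ",".join(sorted(psexec_hosts))))
    return findings

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(*finding, sep="\t")
```

The PSEXESVC match covers only PsExec run with its default service name, so other remote-execution tooling needs separate coverage.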

Source: Cybersecurity News
