BeyondTrust CVE-2026-1731 CVSS 9.9 Pre-Auth RCE Under Active Exploitation
Unit42·high signal
Unit42 documents active exploitation of BeyondTrust Remote Support pre-auth RCE. Over 10,600 exposed instances. VShell and SparkRAT backdoor deployments across financial, legal, tech, healthcare.