CISA Adds One Known Exploited Vulnerability to Catalog
Summary
CISA added CVE-2026-1731, a BeyondTrust Remote Support OS Command Injection Vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog. This addition is based on evidence of active exploitation and poses a significant risk, especially to federal enterprises, although CISA urges all organizations to remediate KEV vulnerabilities.
IFF Assessment
The addition of a vulnerability to the KEV catalog indicates active exploitation, posing an increased risk to organizations.
Severity
Defender Context
The inclusion of CVE-2026-1731 in the KEV catalog signals active exploitation, requiring immediate patching or mitigation, especially for BeyondTrust Remote Support users. Defenders should prioritize patching and monitor for suspicious activity indicative of command injection attempts. This highlights the need for proactive vulnerability management and threat hunting to address actively exploited vulnerabilities.