Defense Digests
Vulnerability Number: CVE-2026-1731
Severity Level: Critical 9.9
BeyondTrust has disclosed a pre‑authentication remote code execution flaw in its Remote Support and older Privileged Remote Access products. The vulnerability is triggered by a crafted WebSocket "remoteVersion" parameter that allows unauthenticated attackers to execute arbitrary operating‑system commands with high privileges. Active exploitation has been observed in the wild, including deployment of web shells, ransomware‑like tools, and data exfiltration.
The flaw resides in the thin‑scc‑wrapper component, which parses the remoteVersion value using Bash arithmetic contexts. Insufficient sanitization permits command substitution (e.g., $(cmd)) to be evaluated before the version check, resulting in OS command injection (CWE‑78).
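The input handling that closes off this class of bug, as an added example (not BeyondTrust's code or its patch): a peer-supplied version string is checked against a strict digits-and-dots allowlist before it is compared. The helper names `is_strict_version` and `version_ge`, the minimum version and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: hypothetical helpers and constructed sample versions.
# Risky pattern (generic): handing a peer-supplied string to a Bash arithmetic
# context such as (( v >= min )) or [[ $v -ge $min ]], where the operand is
# evaluated as an expression rather than read as a number.

# Accept only dot-separated decimal components: no empty parts, no other
# characters, and at most 9 digits per component so comparisons cannot overflow.
is_strict_version() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
        *[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]*) return 1 ;;
    esac
    return 0
}

# version_ge A B: 0 if A >= B, 1 if A < B, 2 if either input fails validation.
# Runs in a subshell so its variables stay local. Validation comes first, so
# only digit-only operands ever reach the [ comparisons.
version_ge() (
    is_strict_version "$1" && is_strict_version "$2" || exit 2
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        # Drop leading zeros so 08 is read as decimal 8.
        x=${x#"${x%%[!0]*}"} y=${y#"${y%%[!0]*}"}
        [ "${x:-0}" -gt "${y:-0}" ] && exit 0
        [ "${x:-0}" -lt "${y:-0}" ] && exit 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    exit 0
)

# Constructed inputs; the single quotes keep the shell from expanding them.
MIN_VERSION=24.3.1
for v in '24.3.1' '24.10.0' '24.3' '24.3.1$(cmd)' '1..2'; do
    rc=0
    version_ge "$v" "$MIN_VERSION" || rc=$?
    case $rc in
        0) printf '%s\taccepted\n' "$v" ;;
        1) printf '%s\ttoo old\n' "$v" ;;
        *) printf '%s\trejected before any comparison\n' "$v" ;;
    esac
done
```

A rejected value is worth logging with its source address, since a legitimate client has no reason to send anything but digits and dots in a version field.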
BeyondTrust released advisory BT26‑02 on 6 Feb 2026 and issued patches for affected versions. Dataprise Labs has confirmed active exploitation: threat actors performed network reconnaissance, created domain and local accounts, deployed multiple web shells (single‑line PHP backdoor, aws.php, password‑protected file_save.php), used the Go‑based SparkRAT and VShell Linux backdoors, leveraged Bash droppers that hide in‑memory PHP payloads, and exfiltrated hostnames via DNS tunnelling to OAST services. Palo Alto Networks’ Cortex Xpanse has reportedly identified more than 10 600 publicly exposed BeyondTrust instances as of the publication date.
Successful exploitation can lead to unauthenticated remote code execution, full system compromise, creation of privileged accounts, deployment of persistent backdoors (SparkRAT, VShell), lateral movement across internal networks, and exfiltration of sensitive data or configuration files. The activity has been observed in multiple sectors—including financial services, legal, high‑technology, higher education, wholesale/retail, and healthcare—across the United States, France, Germany, Australia, and Canada.
1. Apply the official BeyondTrust patches:
2. Enable the automatic update service on all self‑hosted appliances to receive future fixes without manual intervention.
3. Restrict access to the Remote Support WebSocket endpoint to internal, segmented management networks and enforce zero‑trust controls.
4. Deploy detection and response tooling, and use Advanced URL Filtering and Advanced DNS Security to block known malicious C2 domains.
5. Conduct forensic review for signs of compromise (unexpected accounts, web‑shell files, abnormal network traffic) and engage the Dataprise Incident Response team or BeyondTrust Support if a breach is suspected.
Contributing Authors
Dallas Myers – Dataprise Cyber Security Services