Weekly Exploit Roundup 2026-02-10

Generated 2026-02-10T08:00:14.234959+00:00 (UTC)

  1. CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-09T19:15:00+00:00 | Score: 29.62
    Overview On February 6, 2026, BeyondTrust released security advisory BT26-02, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9, the flaw allows unauthenticated, remote attackers to execute arbitrary operating system commands in the context of the site user by sending specially crafted requests. The vulnerability affects Remote Support (RS) versions 25.3.1 and prior, as well as Privileged Remote Access (PRA) versions 24.3.4 and prior. While BeyondTrust automatically patched SaaS instances on February 2, 2026, self-hosted customers remain at risk until manual updates are applied. The issue was discovered by researchers at Hacktron AI using AI-enabled variant analysis; they identified approximately 8,500 on-premises instances exposed to the internet that could be susceptible to this straightforward exploitation vecto
  2. Beyond the Battlefield: Threats to the Defense Industrial Base
    Source: Threat Intelligence | Published: 2026-02-10T14:00:00+00:00 | Score: 23.0
    Introduction In modern warfare, the front lines are no longer confined to the battlefield; they extend directly into the servers and supply chains of the industry that safeguards the nation. Today, the defense sector faces a relentless barrage of cyber operations conducted by state-sponsored actors and criminal groups alike. In recent years, Google Threat Intelligence Group (GTIG) has observed several distinct areas of focus in adversarial targeting of the defense industrial base (DIB). While not exhaustive of all actors and means, some of the more prominent themes in the landscape today include: Consistent effort has been dedicated to targeting defense entities fielding technologies on the battlefield in the Russia-Ukraine War. As next-generation capabilities are being operationalized in this environment, Russia-nexus threat actors and hacktivists are seeking to compromise defense contractors alongside military assets and systems, with a focus on organizations involved with unmanned a
  3. CISA Adds Actively Exploited SolarWinds Web Help Desk RCE to KEV Catalog
    Source: The Hacker News | Published: 2026-02-04T05:50:00+00:00 | Score: 22.25
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) to its Known Exploited Vulnerabilities (KEV) catalog, flagging it as actively exploited in attacks.
    The vulnerability, tracked as CVE-2025-40551 (CVSS score: 9.8), is an untrusted data deserialization vulnerability that could pave the way for remote
  4. BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA
    Source: The Hacker News | Published: 2026-02-09T08:03:00+00:00 | Score: 19.887
    BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution.
    "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company
  5. Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
    Source: The Hacker News | Published: 2026-02-10T04:38:00+00:00 | Score: 17.0
    Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems.
    The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0.
    "An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may
  6. Hackers Exploit Metro4Shell RCE Flaw in React Native CLI npm Package
    Source: The Hacker News | Published: 2026-02-03T14:00:00+00:00 | Score: 15.778
    Threat actors have been observed exploiting a critical security flaw impacting the Metro Development Server in the popular "@react-native-community/cli" npm package.
    Cybersecurity company VulnCheck said it first observed exploitation of CVE-2025-11953 (aka Metro4Shell) on December 21, 2025. With a CVSS score of 9.8, the vulnerability allows remote unauthenticated attackers to execute arbitrary
  7. Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-05T15:00:00+00:00 | Score: 15.137
    When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they compromised the hosting infrastructure used to deliver updates, allowing a highly targeted group to selectively distribute a previously undocumented backdoor associated with the Lotus Blossom APT. Subsequent reporting from outlets including BleepingComputer, The Register, SecurityWeek, and The Hacker News has helped clarify the scope of the incident. What’s clear is that this was a supply chain attack against distribution infrastructure, not source code. The attackers maintained access for months, redirected update traffic selectively, and limited delivery of the Chrysalis payload to specific targets, helping them stay hidden and focused on espionage rather than mass compromise. What does the N
  8. Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
    Source: The Hacker News | Published: 2026-02-05T06:16:00+00:00 | Score: 13.977
    A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands.
    The flaw, tracked as CVE-2026-25049 (CVSS score: 9.4), is the result of inadequate sanitization that bypasses safeguards put in place to address CVE-2025-68613 (CVSS score: 9.9), another critical defect that
  9. CISA warns of SmarterMail RCE flaw used in ransomware attacks
    Source: BleepingComputer | Published: 2026-02-06T17:16:03+00:00 | Score: 13.919
    The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks. […]
  10. Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
    Source: Rapid7 Cybersecurity Blog | Published: 2026-02-09T19:00:00+00:00 | Score: 13.613
    We are grateful to the research team at Atredis for sharing their findings around a vulnerability (CVE-2026-1814) impacting our vulnerability management offerings (InsightVM and Nexpose). We have identified a fix that addresses this vulnerability and will be delivered via a Security Console product update with no customer action required. The update is currently being released through our normal gradual release cycle and will be rolled out to all customers by end of day Thursday, February 12. InsightVM or Nexpose customers with automatic product updates enabled will receive and process this update when it is released. Customers who manually control their own update version can utilize the manual update process within the security console to update to version 8.36.0 when it is made available. We recommend those customers schedule this update as soon as reasonably possible. As outlined in our policies around vulnerabilities and disclosures, Rapid7 practices and advocates for timely pu

End of report.
