CVE-2026-1731: Critical Bomgar RMM RCE Actively Exploited to Spread Ransomware
CVE-2026-1731 is a critical unauthenticated remote code execution flaw in Bomgar (BeyondTrust) Remote Support, the widely deployed remote monitoring and management platform. Threat actors are actively exploiting this vulnerability to distribute ransomware and move laterally across managed environments.
Because RMM tools operate with elevated privileges across managed endpoints, compromise of a single Bomgar server gives attackers an already-authenticated foothold on every system the platform manages. The supply chain risk is acute: organizations that trust the RMM agent to push legitimate changes cannot easily distinguish attacker-driven sessions from normal operations.
Organizations running Bomgar or BeyondTrust Remote Support should patch CVE-2026-1731 immediately, audit recent remote access session logs for unauthorized connections, and validate which systems the platform has administrative access to. Consider isolating RMM infrastructure to a dedicated management VLAN and restricting inbound connections to known management IPs.
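One way to run the session-log audit recommended above, as an added example that is not BeyondTrust tooling or code from this advisory: it flags sessions whose source address is outside the known management networks, flags one account reaching several hosts in a short window, and lists which hosts each account touched. The CSV column layout, the allowlist, the thresholds and the function name audit_sessions are assumptions; map them to whatever your own session report export contains.

```python
import csv
import io
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed allowlist of management networks (constructed; documentation ranges).
MGMT_NETWORKS = [ip_network("192.0.2.0/28"), ip_network("198.51.100.10/32")]

# Constructed sample export, oldest first. The column layout is an assumption,
# not the vendor's report format.
SAMPLE_LOG = """\
start_utc,rep_user,source_ip,target_host
2026-02-10T09:14:00Z,alice,192.0.2.5,fin-ws-01
2026-02-10T09:40:00Z,alice,192.0.2.5,fin-ws-02
2026-02-11T02:03:00Z,svc-helpdesk,203.0.113.77,dc-01
2026-02-11T02:04:00Z,svc-helpdesk,203.0.113.77,file-01
2026-02-11T02:06:00Z,svc-helpdesk,203.0.113.77,backup-01
2026-02-11T10:00:00Z,bob,198.51.100.10,hr-ws-03
2026-02-11T10:05:00Z,bob,not-an-ip,hr-ws-04
"""

def audit_sessions(log_text, networks=MGMT_NETWORKS, fanout=3, window=timedelta(minutes=10)):
    """Return (findings, reach): flagged sessions and the hosts each account reached."""
    findings, reach, recent = [], {}, {}
    for row in csv.DictReader(io.StringIO(log_text)):
        start = datetime.strptime(row["start_utc"], "%Y-%m-%dT%H:%M:%SZ")
        user, host = row["rep_user"], row["target_host"]
        reach.setdefault(user, set()).add(host)
        try:
            src = ip_address(row["source_ip"])
            if not any(src in net for net in networks):
                findings.append((row["start_utc"], user, host, "source outside management networks"))
        except ValueError:
            # Unparseable source fields are surfaced rather than silently skipped.
            findings.append((row["start_utc"], user, host, "unparseable source address"))
        # Fan-out: one account reaching `fanout` distinct hosts inside `window`.
        hits = [(t, h) for t, h in recent.get(user, []) if start - t <= window] + [(start, host)]
        recent[user] = hits
        if len({h for _, h in hits}) == fanout:
            findings.append((row["start_utc"], user, host, f"{fanout} hosts within {window}"))
    return findings, reach

if __name__ == "__main__":
    findings, reach = audit_sessions(SAMPLE_LOG)
    for f in findings:
        print(*f, sep=" | ")
    for user, hosts in sorted(reach.items()):
        print(user, "->", sorted(hosts))
```

The per-account host list doubles as a starting inventory for validating what the platform can administer; a flagged session is a lead to investigate, not proof of compromise.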