BeyondTrust.Remote.Support.nw.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in BeyondTrust Remote Support.
The vulnerability is due to insufficient input validation. A remote attacker can exploit this vulnerability by sending a crafted request to the target device. Successful exploitation could result in arbitrary command execution.
Outbreak Alert
This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist groups. The vulnerabilities listed are suspected to be exploited by actors associated with Iran in real-world campaigns, consistent with observed tactics, techniques, and procedures (TTPs). Iran-linked operations continue to rely on distributed, lower-complexity techniques, including phishing, DDoS, data exfiltration, and destructive attacks. Initial access is primarily achieved through exploitation of known, unpatched vulnerabilities and exposed edge infrastructure, reflecting a persistent and opportunistic threat posture targeting government, critical infrastructure, and enterprise environments.
Affected Products
BeyondTrust Remote Support version 25.3.1 and prior
BeyondTrust Privileged Remote Access version 24.3.4 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Coverage
| IPS (Regular DB) |
| IPS (Extended DB) |