Researchers warn that a critical vulnerability patched this week in BeyondTrust Remote Support is being exploited in the wild to compromise self-hosted deployments, including Bomgar remote support appliances that contain affected versions of the software.
Bomgar, a provider of privileged identity and access management products, acquired BeyondTrust in 2018, adopting the latter's brand name. Bomgar on-premises hardware appliances, known as BeyondTrust B-series appliances, provide secure remote access to enterprise networks, but many hardware models have reached end of life, with customers encouraged to upgrade to either the virtual appliance or BeyondTrust's SaaS offerings: Privileged Remote Access (Cloud) and Remote Support (Cloud).
Researchers from security firm Arctic Wolf have detected attacks that compromised Bomgar appliances through the CVE-2026-1731 flaw patched this week. The attackers then attempted to deploy the SimpleHelp remote management and monitoring (RMM) tool and perform lateral movement to other systems on the network.
