NVD disclosure day

Published threat advisories for February 6, 2026

CVE advisoryKnown Exploit

CVE-2026-1731

BeyondTrust Remote Support OS Command Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows unauthenticated attackers to execute operating system commands, posing a significant business risk including unauthorized access and service disruption.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2026-21643

FortiClient EMS SQL Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Fortinet FortiClientEMS may allow an attacker to execute unauthorized code or commands via crafted HTTP requests. This could lead to unauthorized access and disruption of business systems. Organizations should secure affected assets and apply vendor-provided fixes.

NVD published: • CISA KEV