CVE-2026-1731 is an unauthenticated RCE in BeyondTrust’s Bomgar RMM platform under active exploitation, with an EPSS score at the 99th percentile. Because RMM agents operate with elevated privileges across all managed endpoints, a single compromised instance functions as an enterprise-wide ransomware deployment mechanism. This is an emergency response event, not a routine patch cycle item.