CVE-2026-1731 (GCVE-0-2026-1731)

Vulnerability from cvelistv5 – Published: 2026-02-06 21:49 – Updated: 2026-02-26 15:04
VLAI CISA KEV EUVD KEV KEVintel KEV
Title
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Summary
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Severity
9.9 (Critical)
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L
SSVC
Exploitation: active Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
BT
References
Impacted products
Vendor Product Version
BeyondTrust Remote Support(RS) & Privileged Remote Access(PRA) Affected: 0 , ≤ RS 25.3.1 (custom)
Affected: 0 , ≤ PRA 24.3.4 (custom)
Create a notification for this product.
CISA KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 476a306e-2a29-4830-8026-9169841bf88f

Vulnerability ID: CVE-2026-1731

Status: Confirmed

Status Updated: 2026-02-13 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2026-02-13
Asserted: 2026-02-13
Scope
Notes: KEV entry: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | Affected: BeyondTrust / Remote Support (RS) and Privileged Remote Access (PRA) | Description: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731
Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details
Cwes CWE-78
Feed CISA Known Exploited Vulnerabilities Catalog
Product Remote Support (RS) and Privileged Remote Access (PRA)
Due Date 2026-02-16
Date Added 2026-02-13
Vendorproject BeyondTrust
Vulnerabilityname BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Knownransomwarecampaignuse Unknown
References
Created: 2026-02-16 17:38 UTC | Updated: 2026-02-16 17:38 UTC
EUVD KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 90740855-a2b8-4f16-b41e-2dac516da525

Vulnerability ID: CVE-2026-1731

Status: Confirmed

Status Updated: 2026-06-04 00:00 UTC

Exploited: Yes

Timestamps
First Seen: 2026-06-04
Asserted: 2026-06-04
Scope
Notes: Affected: BeyondTrust / Remote Support (RS), Privileged Remote Access (PRA) | Description: Critical pre-authentication RCE vulnerability. | CWEs: CWE-78 | Origin source: NCSC-FI | Notes: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Evidence

Type: Csirt Report

Signal: Successful Exploitation

Confidence: 75%

Source: enisa-cnw-kev

Details
Cwes CWE-78
Euvd EUVD-2026-5559
Notes https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Catalog ENISA / EU CSIRTs Network (CNW) KEV JSON
Product Remote Support (RS), Privileged Remote Access (PRA)
Datereported 2026/06/04
Originsource NCSC-FI
Vendorproject BeyondTrust
Exploitationtype -
Vulnerabilityname
Threatactorsexploiting -
References
Created: 2026-06-04 13:00 UTC | Updated: 2026-06-04 13:00 UTC
KEVintel KEV
Known Exploited Vulnerability - GCVE BCP-07 Compliant
KEV entry ID: 3093cd27-2fc0-40c0-a402-2a63ddedd8e3

Vulnerability ID: CVE-2026-1731

Status: Confirmed

Status Updated: 2026-06-01 10:51 UTC

Exploited: Yes

Timestamps
First Seen: 2026-06-01
Asserted: 2026-06-01
Scope
Notes: KEVIntel entry: Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) | Affected: BeyondTrust / Remote Support(RS) & Privileged Remote Access(PRA) | CVSS: 9.9 (CRITICAL) | EPSS: 0.86091 | Used in malware: yes | Not yet in CISA KEV: False
Evidence

Type: Public Report

Signal: Confirmed Compromise

Confidence: 70%

Source: kevintel

Details
Feed KEVIntel (kevintel.com)
Title Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Vendor BeyondTrust
Product Remote Support(RS) & Privileged Remote Access(PRA)
Added Date 2026-06-01T10:51:06.572Z
Cvss Score 9.9
Epss Score 0.86091
Cvss Severity CRITICAL
Epss Percentile 0.99703
Used In Malware yes
Ahead Of Cisa Kev 
{
  "count": 1,
  "unit": "day"
}
Not Yet In Cisa Kev False
References
Created: 2026-06-19 12:45 UTC | Updated: 2026-06-19 12:45 UTC
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1731",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-14T04:55:25.328322Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2026-02-13",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:15.451Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/win3zz/CVE-2026-1731"
          },
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731"
          },
          {
            "tags": [
              "third-party-advisory"
            ],
            "url": "https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-02-13T00:00:00.000Z",
            "value": "CVE-2026-1731 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Remote Support(RS) \u0026 Privileged Remote Access(PRA)",
          "vendor": "BeyondTrust",
          "versions": [
            {
              "lessThanOrEqual": "RS 25.3.1",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "PRA 24.3.4",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-248",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-248 Command Injection"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "LOW",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-06T21:49:20.844Z",
        "orgId": "13061848-ea10-403d-bd75-c83a022c2891",
        "shortName": "BT"
      },
      "references": [
        {
          "url": "https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293"
        },
        {
          "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt26-02"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "13061848-ea10-403d-bd75-c83a022c2891",
    "assignerShortName": "BT",
    "cveId": "CVE-2026-1731",
    "datePublished": "2026-02-06T21:49:20.844Z",
    "dateReserved": "2026-01-31T23:54:56.922Z",
    "dateUpdated": "2026-02-26T15:04:15.451Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2026-1731",
      "cwes": "[\"CWE-78\"]",
      "dateAdded": "2026-02-13",
      "dueDate": "2026-02-16",
      "knownRansomwareCampaignUse": "Known",
      "notes": "Please adhere to the vendor\u0027s guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731",
      "product": "Remote Support (RS) and Privileged Remote Access (PRA)",
      "requiredAction": "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.",
      "shortDescription": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.",
      "vendorProject": "BeyondTrust",
      "vulnerabilityName": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability"
    },
    "epss": {
      "cve": "CVE-2026-1731",
      "date": "2026-06-20",
      "epss": "0.86091",
      "percentile": "0.99702"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-1731\",\"sourceIdentifier\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"published\":\"2026-02-06T22:16:11.020\",\"lastModified\":\"2026-02-17T13:40:10.320\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"HIGH\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"LOW\",\"subIntegrityImpact\":\"HIGH\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"cisaExploitAdd\":\"2026-02-13\",\"cisaActionDue\":\"2026-02-16\",\"cisaRequiredAction\":\"Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.\",\"cisaVulnerabilityName\":\"BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability\",\"weaknesses\":[{\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"25.1\",\"matchCriteriaId\":\"A82D26FE-8791-41BC-A71B-4C2FEB81C41C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"25.3.2\",\"matchCriteriaId\":\"178845B4-26D3-4C94-AED9-1C847B9357F1\"}]}]}],\"references\":[{\"url\":\"https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293\",\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.beyondtrust.com/trust-center/security-advisories/bt26-02\",\"source\":\"13061848-ea10-403d-bd75-c83a022c2891\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/win3zz/CVE-2026-1731\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]},{\"url\":\"https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-1731\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-02-14T00:18:31.196840Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2026-02-13\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731\"}}}], \"references\": [{\"url\": \"https://github.com/win3zz/CVE-2026-1731\", \"tags\": [\"exploit\"]}, {\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731\", \"tags\": [\"government-resource\"]}, {\"url\": \"https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731\", \"tags\": [\"third-party-advisory\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-09T15:01:48.065Z\"}, \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-02-13T00:00:00.000Z\", \"value\": \"CVE-2026-1731 added to CISA KEV\"}]}], \"cna\": {\"title\": \"Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"impacts\": [{\"capecId\": \"CAPEC-248\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-248 Command Injection\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV4_0\": {\"Safety\": \"NOT_DEFINED\", \"version\": \"4.0\", \"Recovery\": \"NOT_DEFINED\", \"baseScore\": 9.9, \"Automatable\": \"NOT_DEFINED\", \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L\", \"exploitMaturity\": \"NOT_DEFINED\", \"providerUrgency\": \"NOT_DEFINED\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"subIntegrityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"HIGH\", \"subAvailabilityImpact\": \"LOW\", \"vulnAvailabilityImpact\": \"HIGH\", \"subConfidentialityImpact\": \"LOW\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"BeyondTrust\", \"product\": \"Remote Support(RS) \u0026 Privileged Remote Access(PRA)\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"RS 25.3.1\"}, {\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"PRA 24.3.4\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article\u0026sysparm_article=KB0023293\"}, {\"url\": \"https://www.beyondtrust.com/trust-center/security-advisories/bt26-02\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.5.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003eBeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-78\", \"description\": \"CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"shortName\": \"BT\", \"dateUpdated\": \"2026-02-06T21:49:20.844Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-1731\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-02-14T05:20:23.748Z\", \"dateReserved\": \"2026-01-31T23:54:56.922Z\", \"assignerOrgId\": \"13061848-ea10-403d-bd75-c83a022c2891\", \"datePublished\": \"2026-02-06T21:49:20.844Z\", \"assignerShortName\": \"BT\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.