CVE-2026-1731

Published Feb 6, 2026

Last updated a day ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2026-1731 is identified as a pre-authentication remote code execution vulnerability impacting BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) products. This flaw, categorized as an operating system command injection, allows an unauthenticated remote attacker to execute operating system commands in the context of the site user. The vulnerability can be exploited by sending specially crafted requests, and successful exploitation does not require any user interaction or prior authentication. BeyondTrust has released updates to address this issue, with patches available for Remote Support versions 25.3.2 and later, and Privileged Remote Access versions 25.1.1 and later.

Description: BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Source: 13061848-ea10-403d-bd75-c83a022c2891
NVD status: Awaiting Analysis

Risk scores

CVSS 4.0

Type: Secondary
Base score: 9.9
Impact score: -
Exploitability score: -
Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity: CRITICAL

Weaknesses

13061848-ea10-403d-bd75-c83a022c2891: CWE-78

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 12

References