CVE-2026-1731

Published Feb 6, 2026

Last updated a month ago

Exploit knownCVSS critical 9.9
OT
HTTP
BeyondTrust Remote Support
SSH
API
Beyondtrust
Port (22)

Overview

Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Source
13061848-ea10-403d-bd75-c83a022c2891
NVD status
Analyzed
Products
privileged_remote_access, remote_support

Risk scores

CVSS 4.0

Type
Secondary
Base score
9.9
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
CRITICAL

CVSS 3.1

Type
Primary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Known exploits

Data from CISA

Vulnerability name
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Exploit added on
Feb 13, 2026
Exploit action due
Feb 16, 2026
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Weaknesses

13061848-ea10-403d-bd75-c83a022c2891
CWE-78

Social media

Hype score
Not currently trending

  1. Top 30 CVEs for ecosystem (30 days). Top CVEs: CVE-2022-20775, CVE-2025-40551, CVE-2026-1731 VulnSocial — your risk exposure provider. #vulnsocial #CVE #CyberSecurity #VulnerabilityManagement https://t.co/S02Q7THYkX

    @vulnsocial

    6 Mar 2026

    2 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Top 10 CVEs for ecosystem (30 days). CVE-2010-5139 CVE-2004-0200 CVE-2008-0015 CVE-2024-43468 CVE-2025-40551 CVE-2018-17144 CVE-2025-11953 CVE-2026-2441 CVE-2026-1731 https://t.co/cWlQJaYf4S #CyberInsights #SecurityUpdate #CyberTrends #TechSecurity #CyberNews #DataProtection

    @vulnsocial

    2 Mar 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. ペネトレーションテストツールのMetasploitが更新。Linux向けRC4パッカー、OllamaのCVE-2024-37032、BeyondTrustのCVE-2026-1731、GrandstreamのCVE-2026-2329に対応する攻撃コード、Windows向け永続化の追加。 https://t.co/GiidCAOHcs

    @__kokumoto

    28 Feb 2026

    1962 Impressions

    5 Retweets

    36 Likes

    13 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 Metasploit Update Drops Linux RC4 Evasion + New RCE Exploits for Ollama, BeyondTrust, and VoIP Rapid7’s Feb 27 Metasploit release adds new exploit modules for high-severity RCE issues (including Ollama CVE-2024-37032, BeyondTrust PRA/RS CVE-2026-1731, and Grandstream GXP16

    @ThreatSynop

    28 Feb 2026

    70 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. [HIGH] CISA Issues Emergency Patches for Critical Vulnerabilities CISA releases patches for critical flaws in multiple platforms. CVE: CVE-2026-1731, CVE-2025-12543 • APT: Unknown • Status: ACTIVE Urgent action needed t… https://t.co/J2iNIRDDMh

    @MysocAi

    24 Feb 2026

    0 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. Roundcube vulnerabilities (CVE-2025-49113, CVE-2025-68461) and BeyondTrust CVE-2026-1731 exploited in ransomware attacks delivering SparkRAT and VShell. PayPal and FICOBA breaches affect millions. AI and quantum security make progress. #BeyondTrust #PayPal https://t.co/fND6z5Jb1x

    @TweetThreatNews

    23 Feb 2026

    44 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  7. Top 5 Trending CVEs: 1 - CVE-2026-2441 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21509 5 - CVE-2025-32756 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    22 Feb 2026

    142 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  8. Active exploits surge with critical vulnerabilities in Roundcube CVE-2025-49113/68461 and BeyondTrust CVE-2026-1731 enabling SparkRAT, VShell, and more. ATM jackpotting, PayPal & FICOBA breaches also reported. #Roundcube #ATMJackpot #USA https://t.co/nsNtgjFzgH

    @TweetThreatNews

    22 Feb 2026

    128 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  9. Top 5 Trending CVEs: 1 - CVE-2026-2648 2 - CVE-2026-1731 3 - CVE-2025-15556 4 - CVE-2025-49113 5 - CVE-2025-6218 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    21 Feb 2026

    94 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  10. Top 5 Trending CVEs: 1 - CVE-2025-6218 2 - CVE-2025-52464 3 - CVE-2026-21509 4 - CVE-2026-20817 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    20 Feb 2026

    104 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  11. Top 5 Trending CVEs: 1 - CVE-2026-20841 2 - CVE-2025-55177 3 - CVE-2026-1731 4 - CVE-2025-9961 5 - CVE-2026-22182 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    16 Feb 2026

    111 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  12. Top 5 Trending CVEs: 1 - CVE-2025-12725 2 - CVE-2026-25253 3 - CVE-2026-1731 4 - CVE-2026-21508 5 - CVE-2025-9961 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    15 Feb 2026

    109 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  13. Recent reporting by Help Net Security highlights a critical escalation in cyber conflict dynamics as attackers exploit a newly patched remote code execution vulnerability in BeyondTrust software. The flaw, CVE-2026-1731, shares technical similarities with CVE-2024-12356—a

    @ox0ffff

    15 Feb 2026

    71 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  14. Top 5 Trending CVEs: 1 - CVE-2022-1743 2 - CVE-2026-20841 3 - CVE-2025-15556 4 - CVE-2026-25253 5 - CVE-2026-1731 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    13 Feb 2026

    140 Impressions

    1 Retweet

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  15. Top 5 Trending CVEs: 1 - CVE-2025-32711 2 - CVE-2026-1731 3 - CVE-2025-61732 4 - CVE-2026-20817 5 - CVE-2026-25526 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    10 Feb 2026

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  16. 🚨 A critical pre-auth RCE has been disclosed in BeyondTrust Remote Support and PRA (CVE-2026-1731, CVSS 9.9) Our intel suggests this is another websocket vuln, similar to CVE-2024-12356 🍯We have added a BeyondTrust RS honeypot stream for Defused TF 👉 https://t.co/GXFaq

    @DefusedCyber

    9 Feb 2026

    7886 Impressions

    12 Retweets

    51 Likes

    10 Bookmarks

    0 Replies

    1 Quote

  17. Top 5 Trending CVEs: 1 - CVE-2025-55241 2 - CVE-2022-26766 3 - CVE-2026-1731 4 - CVE-2026-20817 5 - CVE-2026-21509 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W

    @CVEShield

    8 Feb 2026

    130 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access certain APIs to create a new administrative account.CVE-2026-4312
  2. Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access restriction and expose arbitrary local file contents in the MCP client application context. To remediate this issue, users should upgrade to version 1.3.9.CVE-2026-4270
  3. telnetd in GNU inetutils through 2.7 allows an out-of-bounds write in the LINEMODE SLC (Set Local Characters) suboption handler because add_slc does not check whether the buffer is full.CVE-2026-32746
  4. Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration.CVE-2026-3497
  5. A vulnerability allowing a low-privileged user to extract saved SSH credentials.CVE-2026-21670

References

Sources include official advisories and independent security research.