CVE-2026-1731
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
In short
A critical flaw in BeyondTrust Remote Support and older PRA versions allows attackers to run commands on the server without needing to log in. An attacker can send malicious requests to take full control of the system.
Technical detail
Pre-authentication remote code execution via CWE-78 (OS command injection) in BeyondTrust RS/PRA. Unauthenticated remote attackers can craft specialized requests to execute arbitrary OS commands with site user privileges, requiring no authentication or user interaction.
Summary generated and translated by AI from the official description.
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L
Affected products
BeyondTrust · Remote Support(RS) & Privileged Remote Access(PRA)public PoCs found — 1
cve_referencegithub.com/win3zz/CVE-2026-1731unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293https://github.com/win3zz/CVE-2026-1731https://www.beyondtrust.com/trust-center/security-advisories/bt26-02https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731