← back
CVE-2026-1731

Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

CVSS 9.9 CRITICALEPSS 86.1%● KEVCWE-78
Vexday Risk Score
100Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 9.9EPSS 86.1%KEV simPoC públicaNuclei simMetasploit simPatch
Lifecycle
06 Feb 2026Metasploit module available
06 Feb 2026Published on NVD
13 Feb 2026Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A critical flaw in BeyondTrust Remote Support and older PRA versions allows attackers to run commands on the server without needing to log in. An attacker can send malicious requests to take full control of the system.

Technical detail

Pre-authentication remote code execution via CWE-78 (OS command injection) in BeyondTrust RS/PRA. Unauthenticated remote attackers can craft specialized requests to execute arbitrary OS commands with site user privileges, requiring no authentication or user interaction.

Summary generated and translated by AI from the official description.
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L
Affected products
BeyondTrust · Remote Support(RS) & Privileged Remote Access(PRA)
public PoCs found1
cve_referencegithub.com/win3zz/CVE-2026-1731unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293https://github.com/win3zz/CVE-2026-1731https://www.beyondtrust.com/trust-center/security-advisories/bt26-02https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731