Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.9
BeyondTrust Remote Support and PRA: Unauthenticated Command Execution
Known exploited
Exploitation likelihood: 69%
CVE-2026-1731
CVE-2026-1731
Summary
Attackers can access and control your computer without a password. This can lead to unauthorized data theft or system crashes. Update your BeyondTrust software to fix this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| beyondtrust | remote support (rs) and privileged remote access (pra) | All versions | – |
| beyondtrust | privileged_remote_access | <= 25.1 | – |
| beyondtrust | remote_support | <= 25.3.2 | – |
Original title
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Original description
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
Vulnerability type
CWE-78
OS Command Injection
- https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB... Permissions Required
- https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 Vendor Advisory
- https://github.com/win3zz/CVE-2026-1731 Exploit Third Party Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-... US Government Resource
- https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731 Third Party Advisory
Published: 13 Feb 2026 · Updated: 15 Mar 2026 · First seen: 6 Mar 2026