Unrated severityCISA KEVNVD Advisory· Published Feb 6, 2026· Updated Feb 26, 2026

Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

CVE-2026-1731

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Affected products

BeyondTrust/Remote Support(RS) & Privileged Remote Access(PRA)v5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

beyondtrustcorp.service-now.com/csmmitre
www.beyondtrust.com/trust-center/security-advisories/bt26-02mitre

News mentions

Exploits and vulnerabilities in Q1 2026
Securelist · May 7, 2026

cvss	0.000
epss	0.067
exploit	0.030
kev	0.120
patch	0.000
ransomware	0.060