Unrated severityCISA KEVNVD Advisory· Published Feb 6, 2026· Updated Feb 26, 2026
Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
CVE-2026-1731
Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Affected products
3(expand)+ 1 more
- (no CPE)
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
2News mentions
4- Exploits and vulnerabilities in Q1 2026Securelist · May 7, 2026
- ⚡ Weekly Recap: Fast16 Malware, XChat Launch, Federal Backdoor, AI Employee Tracking & MoreThe Hacker News · Apr 27, 2026
- Surge in Bomgar RMM Exploitation Demonstrates Supply Chain RiskDark Reading · Apr 21, 2026
- Risky Business #824 -- Microsoft's Secure Future is looking a bit wobblyRisky Business · Feb 11, 2026