BeyondTrust: CVE-2026-1731: Pre-authentication Command Injection
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Feb 6, 2026 | Feb 9, 2026 | Apr 21, 2026 |
Description
BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. BeyondTrust is aware of and supporting a limited number of self-hosted customers in responding to active exploitation attempts of the previously disclosed critical vulnerability (CVE-2026-1731) in its Remote Support and Privileged Remote Access solutions.
Solutions
- beyondtrust-remote-support-upgrade-latest
- beyondtrust-privileged-remote-access-upgrade-latest
References
- https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
- https://www.rapid7.com/blog/post/etr-cve-2026-1731-critical-unauthenticated-remote-code-execution-rce-beyondtrust-remote-support-rs-privileged-remote-access-pra
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-5559
- CVE-2026-1731
- https://attackerkb.com/topics/CVE-2026-1731
- CWE-78
- EUVD-EUVD-2026-5559