CVE-2026-1731

UNKNOWN 0.0

⚠️ CISA KEV

Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CWE	CWE-78
Vendor	beyondtrust
Product	remote support(rs) & privileged remote access(pra)
Published	Feb 6, 2026
Last Updated	Feb 26, 2026

⚠️ Actively Exploited — Act Now

Get instant alerts for beyondtrust remote support(rs) & privileged remote access(pra)

This vulnerability is actively exploited in the wild. Set up free real-time alerts so you're first to know about threats like CVE-2026-1731.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

BeyondTrust / Remote Support(RS) & Privileged Remote Access(PRA)

0 ≤ RS 25.3.1 0 ≤ PRA 24.3.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

beyondtrustcorp.service-now.com: https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293 beyondtrust.com: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 github.com: https://github.com/win3zz/CVE-2026-1731 cisa.gov: https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731 greynoise.io: https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731