← Back

CVE-2026-1731

nvd nistnuclei
Published: Feb 6, 2026Modified: Feb 17, 2026CISA KEV

JSON object

Loading...
9.9
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: 13061848-ea10-403d-bd75-c83a022c2891 (Secondary)

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Affected (2)

Beyondtrust
2 products
Privileged Remote Access
Remote Support
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Privileged Remote Access
Before 25.1
Remote Support
Before 25.3.2

Related CWEs

CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (5)

Source: 13061848-ea10-403d-bd75-c83a022c2891
Permissions Required
Source: 13061848-ea10-403d-bd75-c83a022c2891
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
ExploitThird Party Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Third Party Advisory

Timeline

No history available yet.