Remote Support
CVE-2026-1731
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
AnalysisAI
BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.
Technical ContextAI
The vulnerability exists in the request processing pipeline before any authentication checks, meaning no credentials are needed. User-supplied input in HTTP requests is incorporated into OS commands without proper sanitization. BeyondTrust RS/PRA products are Privileged Access Management (PAM) solutions — they are the gateway through which administrators and support staff access critical systems. Compromising these products gives attackers access to the same highly privileged sessions and credentials they protect.
RemediationAI
Apply BeyondTrust security update immediately — this is EMERGENCY priority. If patching is delayed, take the appliance offline. Audit all privileged sessions and stored credentials for unauthorized access. Rotate all credentials managed through BeyondTrust. Review session recordings for suspicious activity. Conduct full incident response investigation.
More in Remote Support
View allBomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio
Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent
Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne
Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a
Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today