Skip to main content

Remote Support CVE-2026-1731

CRITICAL
OS Command Injection (CWE-78)
2026-02-06 13061848-ea10-403d-bd75-c83a022c2891
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
Added to CISA KEV
Feb 17, 2026 - 13:40 cisa
CISA KEV
PoC Detected
Feb 17, 2026 - 13:40 vuln.today
Public exploit code
CVE Published
Feb 06, 2026 - 22:16 nvd
CRITICAL 9.8

DescriptionCVE.org

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

AnalysisAI

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute OS commands through specially crafted requests. With EPSS 66% and KEV listing with public PoC, this vulnerability is devastating because these products are specifically designed for privileged remote access — compromising them grants attackers access to the most sensitive systems in an organization.

Technical ContextAI

The vulnerability exists in the request processing pipeline before any authentication checks, meaning no credentials are needed. User-supplied input in HTTP requests is incorporated into OS commands without proper sanitization. BeyondTrust RS/PRA products are Privileged Access Management (PAM) solutions — they are the gateway through which administrators and support staff access critical systems. Compromising these products gives attackers access to the same highly privileged sessions and credentials they protect.

RemediationAI

Apply BeyondTrust security update immediately — this is EMERGENCY priority. If patching is delayed, take the appliance offline. Audit all privileged sessions and stored credentials for unauthorized access. Rotate all credentials managed through BeyondTrust. Review session recordings for suspicious activity. Conduct full incident response investigation.

CVE-2015-0935 HIGH POC
7.5 May 25

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to

CVE-2024-12356 CRITICAL POC
9.8 Dec 17

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca

CVE-2025-5309 CRITICAL
9.8 Jun 16

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem

CVE-2023-4310 CRITICAL
9.8 Sep 05

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio

CVE-2026-40139 CRITICAL
9.2 Jul 06

Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent

CVE-2026-40138 CRITICAL
9.2 Jul 06

Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne

CVE-2026-40140 HIGH
8.7 Jul 06

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a

CVE-2026-40141 HIGH
8.5 Jul 06

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and

CVE-2017-5996 HIGH
7.8 Oct 26

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac

CVE-2024-12686 HIGH
7.2 Dec 18

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke

Share

CVE-2026-1731 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy