Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Published: 2026-02-06
Score: 9.9 Critical
EPSS: 88.1% High
KEV: Yes
Impact: n/a
Action: n/a
AI Analysis

Impact

BeyondTrust Remote Support (RS) and older editions of Privileged Remote Access (PRA) have a pre‑authentication remote code execution flaw (CWE‑78). Attackers can send specially crafted requests to the service, causing it to execute arbitrary operating system commands under the context of the site user, enabling full compromise of the host and jeopardizing confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects BeyondTrust Remote Support and Privileged Remote Access. Specific version ranges are not listed in the data, so any installation of RS or older releases of PRA that considered at risk. Based on the information, it is uncertain which exact older releases un should be evaluated.

Risk and Exploitability

The CVSS score of 9.9 indicates critical severity. The EPSS score of 88% indicates a high likelihood that the vulnerability may be exploited. Based on the description, it is inferred that the attack vector is remote and requires no authentication, allowing an unauthenticated attacker to trigger the flaw over the network. The vulnerability is listed in the CISA KEV catalog.

Generated by OpenCVE AI on July 16, 2026 at 12:58 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest vendor patch or upgrade BeyondTrust Remote Support and Privileged Remote Access to a version that contains the fix for CVE‑2026‑1731.
  • If an immediate patch is unavailable, isolate the affected systems from untrusted networks or disable external access to the Remote Support service to prevent unauthenticated traffic.
  • Configure firewall rules to allow only trusted internal hosts to connect to the Remote Support service, and enable logging and monitoring of Remote Support traffic to detect suspicious requests.

Generated by OpenCVE AI on July 16, 2026 at 12:58 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Feb 2026 13:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*
cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Sat, 14 Feb 2026 01:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 14 Feb 2026 00:30:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2026-02-13T00:00:00+00:00', 'dueDate': '2026-02-16T00:00:00+00:00'}


Fri, 13 Feb 2026 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 11:00:00 +0000

Type Values Removed Values Added
First Time appeared Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support
Vendors & Products Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support

Fri, 06 Feb 2026 22:00:00 +0000

Type Values Removed Values Added
Description BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Title Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Weaknesses CWE-78
References
Metrics cvssV4_0

{'score': 9.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L'}


Subscriptions

Beyondtrust Privileged Remote Access Remote Support
cve-icon MITRE

Status: PUBLISHED

Assigner: BT

Published:

Updated: 2026-02-26T15:04:15.451Z

Reserved: 2026-01-31T23:54:56.922Z

Link: CVE-2026-1731

cve-icon Vulnrichment

Updated: 2026-02-09T15:01:48.065Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-06T22:16:11.020

Modified: 2026-06-17T10:16:24.797

Link: CVE-2026-1731

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-16T13:00:14Z

Weaknesses
  • CWE-78

    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')