{"cve_id":"CVE-2026-1731","summary":"BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.","cvss":9.8,"cvss_version":3.0,"cvss_v2":null,"cvss_v3":9.8,"epss":0.79628,"ranking_epss":0.99088,"kev":true,"propose_action":"BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.","ransomware_campaign":"Known","references":["https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293","https://www.beyondtrust.com/trust-center/security-advisories/bt26-02","https://github.com/win3zz/CVE-2026-1731","https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731","https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731"],"published_time":"2026-02-06T22:16:11","cpes":["cpe:2.3:a:beyondtrust:privileged_remote_access:-","cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.1","cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.2","cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.1","cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.2","cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.3","cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.1","cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.2","cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.3","cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.4","cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1","cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2","cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.3","cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.4","cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.5","cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.1","cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.2","cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.3","cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.4","cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.1","cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.2","cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.3","cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.4","cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.2","cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.3","cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.4","cpe:2.3:a:beyondtrust:privileged_remote_access:24.3.1","cpe:2.3:a:beyondtrust:privileged_remote_access:24.3.4","cpe:2.3:a:beyondtrust:remote_support:-","cpe:2.3:a:beyondtrust:remote_support:10.0.0","cpe:2.3:a:beyondtrust:remote_support:10.0.1","cpe:2.3:a:beyondtrust:remote_support:10.0.11","cpe:2.3:a:beyondtrust:remote_support:10.0.12","cpe:2.3:a:beyondtrust:remote_support:10.0.15","cpe:2.3:a:beyondtrust:remote_support:10.0.2","cpe:2.3:a:beyondtrust:remote_support:10.0.4","cpe:2.3:a:beyondtrust:remote_support:10.0.5","cpe:2.3:a:beyondtrust:remote_support:10.0.6","cpe:2.3:a:beyondtrust:remote_support:10.0.7","cpe:2.3:a:beyondtrust:remote_support:10.0.9","cpe:2.3:a:beyondtrust:remote_support:10.1","cpe:2.3:a:beyondtrust:remote_support:10.1.2","cpe:2.3:a:beyondtrust:remote_support:10.1.3","cpe:2.3:a:beyondtrust:remote_support:10.1.5","cpe:2.3:a:beyondtrust:remote_support:10.1.7","cpe:2.3:a:beyondtrust:remote_support:10.2","cpe:2.3:a:beyondtrust:remote_support:10.2.10","cpe:2.3:a:beyondtrust:remote_support:10.2.2","cpe:2.3:a:beyondtrust:remote_support:10.2.3","cpe:2.3:a:beyondtrust:remote_support:10.2.6","cpe:2.3:a:beyondtrust:remote_support:10.2.8","cpe:2.3:a:beyondtrust:remote_support:10.2.9","cpe:2.3:a:beyondtrust:remote_support:10.3.0","cpe:2.3:a:beyondtrust:remote_support:10.3.1","cpe:2.3:a:beyondtrust:remote_support:10.3.2","cpe:2.3:a:beyondtrust:remote_support:10.3.3","cpe:2.3:a:beyondtrust:remote_support:10.3.4","cpe:2.3:a:beyondtrust:remote_support:10.3.6","cpe:2.3:a:beyondtrust:remote_support:10.3.8","cpe:2.3:a:beyondtrust:remote_support:10.4.0","cpe:2.3:a:beyondtrust:remote_support:10.4.1","cpe:2.3:a:beyondtrust:remote_support:10.4.11","cpe:2.3:a:beyondtrust:remote_support:10.4.3","cpe:2.3:a:beyondtrust:remote_support:10.4.4","cpe:2.3:a:beyondtrust:remote_support:10.4.5","cpe:2.3:a:beyondtrust:remote_support:10.4.6","cpe:2.3:a:beyondtrust:remote_support:10.4.8","cpe:2.3:a:beyondtrust:remote_support:10.4.9","cpe:2.3:a:beyondtrust:remote_support:10.5.0","cpe:2.3:a:beyondtrust:remote_support:10.5.1","cpe:2.3:a:beyondtrust:remote_support:10.5.2","cpe:2.3:a:beyondtrust:remote_support:10.5.3","cpe:2.3:a:beyondtrust:remote_support:10.5.4","cpe:2.3:a:beyondtrust:remote_support:10.5.5","cpe:2.3:a:beyondtrust:remote_support:10.6.0","cpe:2.3:a:beyondtrust:remote_support:10.6.2","cpe:2.3:a:beyondtrust:remote_support:10.6.3","cpe:2.3:a:beyondtrust:remote_support:10.6.4","cpe:2.3:a:beyondtrust:remote_support:10.6.5","cpe:2.3:a:beyondtrust:remote_support:10.6.6","cpe:2.3:a:beyondtrust:remote_support:11.1.0","cpe:2.3:a:beyondtrust:remote_support:11.1.1","cpe:2.3:a:beyondtrust:remote_support:11.1.2","cpe:2.3:a:beyondtrust:remote_support:11.1.3","cpe:2.3:a:beyondtrust:remote_support:11.1.4","cpe:2.3:a:beyondtrust:remote_support:12.1.1","cpe:2.3:a:beyondtrust:remote_support:12.1.2","cpe:2.3:a:beyondtrust:remote_support:12.1.4","cpe:2.3:a:beyondtrust:remote_support:12.1.5","cpe:2.3:a:beyondtrust:remote_support:12.2.1","cpe:2.3:a:beyondtrust:remote_support:12.2.3","cpe:2.3:a:beyondtrust:remote_support:12.2.4","cpe:2.3:a:beyondtrust:remote_support:12.3.1","cpe:2.3:a:beyondtrust:remote_support:12.3.2","cpe:2.3:a:beyondtrust:remote_support:12.3.4","cpe:2.3:a:beyondtrust:remote_support:12.3.5","cpe:2.3:a:beyondtrust:remote_support:13.1.1","cpe:2.3:a:beyondtrust:remote_support:13.1.2","cpe:2.3:a:beyondtrust:remote_support:13.1.3","cpe:2.3:a:beyondtrust:remote_support:14.1.1","cpe:2.3:a:beyondtrust:remote_support:14.1.2","cpe:2.3:a:beyondtrust:remote_support:14.1.3","cpe:2.3:a:beyondtrust:remote_support:14.1.4","cpe:2.3:a:beyondtrust:remote_support:14.2.1","cpe:2.3:a:beyondtrust:remote_support:14.2.2","cpe:2.3:a:beyondtrust:remote_support:14.2.3","cpe:2.3:a:beyondtrust:remote_support:14.3.1","cpe:2.3:a:beyondtrust:remote_support:14.3.2","cpe:2.3:a:beyondtrust:remote_support:14.3.3","cpe:2.3:a:beyondtrust:remote_support:15.1.1","cpe:2.3:a:beyondtrust:remote_support:15.1.2","cpe:2.3:a:beyondtrust:remote_support:15.1.3","cpe:2.3:a:beyondtrust:remote_support:15.1.4","cpe:2.3:a:beyondtrust:remote_support:15.2.1","cpe:2.3:a:beyondtrust:remote_support:15.2.2","cpe:2.3:a:beyondtrust:remote_support:15.2.3","cpe:2.3:a:beyondtrust:remote_support:16.1.1","cpe:2.3:a:beyondtrust:remote_support:16.1.2","cpe:2.3:a:beyondtrust:remote_support:16.1.3","cpe:2.3:a:beyondtrust:remote_support:16.1.4","cpe:2.3:a:beyondtrust:remote_support:16.1.5","cpe:2.3:a:beyondtrust:remote_support:16.2.1","cpe:2.3:a:beyondtrust:remote_support:16.2.2","cpe:2.3:a:beyondtrust:remote_support:16.2.4","cpe:2.3:a:beyondtrust:remote_support:16.2.5","cpe:2.3:a:beyondtrust:remote_support:16.2.6","cpe:2.3:a:beyondtrust:remote_support:16.2.7","cpe:2.3:a:beyondtrust:remote_support:16.2.8","cpe:2.3:a:beyondtrust:remote_support:16.2.9","cpe:2.3:a:beyondtrust:remote_support:17.1.1","cpe:2.3:a:beyondtrust:remote_support:17.1.2","cpe:2.3:a:beyondtrust:remote_support:17.1.3","cpe:2.3:a:beyondtrust:remote_support:17.1.4","cpe:2.3:a:beyondtrust:remote_support:17.1.5","cpe:2.3:a:beyondtrust:remote_support:18.1.1","cpe:2.3:a:beyondtrust:remote_support:18.1.2","cpe:2.3:a:beyondtrust:remote_support:18.1.3","cpe:2.3:a:beyondtrust:remote_support:18.1.4","cpe:2.3:a:beyondtrust:remote_support:18.2.1","cpe:2.3:a:beyondtrust:remote_support:18.2.11","cpe:2.3:a:beyondtrust:remote_support:18.2.2","cpe:2.3:a:beyondtrust:remote_support:18.2.3","cpe:2.3:a:beyondtrust:remote_support:18.2.5","cpe:2.3:a:beyondtrust:remote_support:18.2.6","cpe:2.3:a:beyondtrust:remote_support:18.2.7","cpe:2.3:a:beyondtrust:remote_support:18.2.8","cpe:2.3:a:beyondtrust:remote_support:18.2.9","cpe:2.3:a:beyondtrust:remote_support:19.1.1","cpe:2.3:a:beyondtrust:remote_support:19.1.2","cpe:2.3:a:beyondtrust:remote_support:19.1.3","cpe:2.3:a:beyondtrust:remote_support:19.1.5","cpe:2.3:a:beyondtrust:remote_support:19.1.7","cpe:2.3:a:beyondtrust:remote_support:19.1.8","cpe:2.3:a:beyondtrust:remote_support:23.2.1","cpe:2.3:a:beyondtrust:remote_support:23.2.2","cpe:2.3:a:beyondtrust:remote_support:24.2.2","cpe:2.3:a:beyondtrust:remote_support:24.2.4","cpe:2.3:a:beyondtrust:remote_support:24.3.1","cpe:2.3:a:beyondtrust:remote_support:24.3.4","cpe:2.3:a:beyondtrust:remote_support:25.1.1","cpe:2.3:a:beyondtrust:remote_support:25.1.2","cpe:2.3:a:beyondtrust:remote_support:25.1.4","cpe:2.3:a:beyondtrust:remote_support:25.1.5","cpe:2.3:a:beyondtrust:remote_support:25.2.1","cpe:2.3:a:beyondtrust:remote_support:25.2.2","cpe:2.3:a:beyondtrust:remote_support:25.2.3","cpe:2.3:a:beyondtrust:remote_support:25.2.4","cpe:2.3:a:beyondtrust:remote_support:25.3.1","cpe:2.3:a:beyondtrust:remote_support:9.0.0","cpe:2.3:a:beyondtrust:remote_support:9.0.1","cpe:2.3:a:beyondtrust:remote_support:9.0.2","cpe:2.3:a:beyondtrust:remote_support:9.1.0","cpe:2.3:a:beyondtrust:remote_support:9.1.1","cpe:2.3:a:beyondtrust:remote_support:9.1.2","cpe:2.3:a:beyondtrust:remote_support:9.1.4","cpe:2.3:a:beyondtrust:remote_support:9.2.0","cpe:2.3:a:beyondtrust:remote_support:9.2.1","cpe:2.3:a:beyondtrust:remote_support:9.2.2","cpe:2.3:a:beyondtrust:remote_support:9.2.3","cpe:2.3:a:beyondtrust:remote_support:9.3.0","cpe:2.3:a:beyondtrust:remote_support:9.3.1","cpe:2.3:a:beyondtrust:remote_support:9.3.2","cpe:2.3:a:beyondtrust:remote_support:9.3.3"]}