CVE-2026-1731 CRITICAL

CVE-2026-1731: Remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)

Vendor Beyondtrust
Product Remote Support(RS) & Privileged Remote Access(PRA)
Weakness CWE-78
KEV Status Known Exploited
Ransomware Used in campaigns
Published February 6, 2026
Last update February 26, 2026
View on NVD All CVEs

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L

What the vulnerability does

01Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

CISA mandated remediation

02CISA Required Action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Key dates

03Disclosure timeline

February 6, 2026 CVE published
February 26, 2026 Record updated