Vulnerability Details CVE-2026-1731
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.61
EPSS Ranking 98.3%
CVSS Severity
CVSS v3 Score 9.8
Proposed Action
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
Ransomware Campaign
Unknown
References
- https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293
- https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
- https://github.com/win3zz/CVE-2026-1731
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731
- https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731
Products affected by CVE-2026-1731
-
cpe:2.3:a:beyondtrust:privileged_remote_access:-
-
cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:22.2.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:22.3.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.1.4
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.4
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.2.5
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:23.3.4
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.1.4
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.2
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.3
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.2.4
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.3.1
-
cpe:2.3:a:beyondtrust:privileged_remote_access:24.3.4
-
cpe:2.3:a:beyondtrust:remote_support:-
-
cpe:2.3:a:beyondtrust:remote_support:10.0.0
-
cpe:2.3:a:beyondtrust:remote_support:10.0.1
-
cpe:2.3:a:beyondtrust:remote_support:10.0.11
-
cpe:2.3:a:beyondtrust:remote_support:10.0.12
-
cpe:2.3:a:beyondtrust:remote_support:10.0.15
-
cpe:2.3:a:beyondtrust:remote_support:10.0.2
-
cpe:2.3:a:beyondtrust:remote_support:10.0.4
-
cpe:2.3:a:beyondtrust:remote_support:10.0.5
-
cpe:2.3:a:beyondtrust:remote_support:10.0.6
-
cpe:2.3:a:beyondtrust:remote_support:10.0.7
-
cpe:2.3:a:beyondtrust:remote_support:10.0.9
-
cpe:2.3:a:beyondtrust:remote_support:10.1
-
cpe:2.3:a:beyondtrust:remote_support:10.1.2
-
cpe:2.3:a:beyondtrust:remote_support:10.1.3
-
cpe:2.3:a:beyondtrust:remote_support:10.1.5
-
cpe:2.3:a:beyondtrust:remote_support:10.1.7
-
cpe:2.3:a:beyondtrust:remote_support:10.2
-
cpe:2.3:a:beyondtrust:remote_support:10.2.10
-
cpe:2.3:a:beyondtrust:remote_support:10.2.2
-
cpe:2.3:a:beyondtrust:remote_support:10.2.3
-
cpe:2.3:a:beyondtrust:remote_support:10.2.6
-
cpe:2.3:a:beyondtrust:remote_support:10.2.8
-
cpe:2.3:a:beyondtrust:remote_support:10.2.9
-
cpe:2.3:a:beyondtrust:remote_support:10.3.0
-
cpe:2.3:a:beyondtrust:remote_support:10.3.1
-
cpe:2.3:a:beyondtrust:remote_support:10.3.2
-
cpe:2.3:a:beyondtrust:remote_support:10.3.3
-
cpe:2.3:a:beyondtrust:remote_support:10.3.4
-
cpe:2.3:a:beyondtrust:remote_support:10.3.6
-
cpe:2.3:a:beyondtrust:remote_support:10.3.8
-
cpe:2.3:a:beyondtrust:remote_support:10.4.0
-
cpe:2.3:a:beyondtrust:remote_support:10.4.1
-
cpe:2.3:a:beyondtrust:remote_support:10.4.11
-
cpe:2.3:a:beyondtrust:remote_support:10.4.3
-
cpe:2.3:a:beyondtrust:remote_support:10.4.4
-
cpe:2.3:a:beyondtrust:remote_support:10.4.5
-
cpe:2.3:a:beyondtrust:remote_support:10.4.6
-
cpe:2.3:a:beyondtrust:remote_support:10.4.8
-
cpe:2.3:a:beyondtrust:remote_support:10.4.9
-
cpe:2.3:a:beyondtrust:remote_support:10.5.0
-
cpe:2.3:a:beyondtrust:remote_support:10.5.1
-
cpe:2.3:a:beyondtrust:remote_support:10.5.2
-
cpe:2.3:a:beyondtrust:remote_support:10.5.3
-
cpe:2.3:a:beyondtrust:remote_support:10.5.4
-
cpe:2.3:a:beyondtrust:remote_support:10.5.5
-
cpe:2.3:a:beyondtrust:remote_support:10.6.0
-
cpe:2.3:a:beyondtrust:remote_support:10.6.2
-
cpe:2.3:a:beyondtrust:remote_support:10.6.3
-
cpe:2.3:a:beyondtrust:remote_support:10.6.4
-
cpe:2.3:a:beyondtrust:remote_support:10.6.5
-
cpe:2.3:a:beyondtrust:remote_support:10.6.6
-
cpe:2.3:a:beyondtrust:remote_support:11.1.0
-
cpe:2.3:a:beyondtrust:remote_support:11.1.1
-
cpe:2.3:a:beyondtrust:remote_support:11.1.2
-
cpe:2.3:a:beyondtrust:remote_support:11.1.3
-
cpe:2.3:a:beyondtrust:remote_support:11.1.4
-
cpe:2.3:a:beyondtrust:remote_support:12.1.1
-
cpe:2.3:a:beyondtrust:remote_support:12.1.2
-
cpe:2.3:a:beyondtrust:remote_support:12.1.4
-
cpe:2.3:a:beyondtrust:remote_support:12.1.5
-
cpe:2.3:a:beyondtrust:remote_support:12.2.1
-
cpe:2.3:a:beyondtrust:remote_support:12.2.3
-
cpe:2.3:a:beyondtrust:remote_support:12.2.4
-
cpe:2.3:a:beyondtrust:remote_support:12.3.1
-
cpe:2.3:a:beyondtrust:remote_support:12.3.2
-
cpe:2.3:a:beyondtrust:remote_support:12.3.4
-
cpe:2.3:a:beyondtrust:remote_support:12.3.5
-
cpe:2.3:a:beyondtrust:remote_support:13.1.1
-
cpe:2.3:a:beyondtrust:remote_support:13.1.2
-
cpe:2.3:a:beyondtrust:remote_support:13.1.3
-
cpe:2.3:a:beyondtrust:remote_support:14.1.1
-
cpe:2.3:a:beyondtrust:remote_support:14.1.2
-
cpe:2.3:a:beyondtrust:remote_support:14.1.3
-
cpe:2.3:a:beyondtrust:remote_support:14.1.4
-
cpe:2.3:a:beyondtrust:remote_support:14.2.1
-
cpe:2.3:a:beyondtrust:remote_support:14.2.2
-
cpe:2.3:a:beyondtrust:remote_support:14.2.3
-
cpe:2.3:a:beyondtrust:remote_support:14.3.1
-
cpe:2.3:a:beyondtrust:remote_support:14.3.2
-
cpe:2.3:a:beyondtrust:remote_support:14.3.3
-
cpe:2.3:a:beyondtrust:remote_support:15.1.1
-
cpe:2.3:a:beyondtrust:remote_support:15.1.2
-
cpe:2.3:a:beyondtrust:remote_support:15.1.3
-
cpe:2.3:a:beyondtrust:remote_support:15.1.4
-
cpe:2.3:a:beyondtrust:remote_support:15.2.1
-
cpe:2.3:a:beyondtrust:remote_support:15.2.2
-
cpe:2.3:a:beyondtrust:remote_support:15.2.3
-
cpe:2.3:a:beyondtrust:remote_support:16.1.1
-
cpe:2.3:a:beyondtrust:remote_support:16.1.2
-
cpe:2.3:a:beyondtrust:remote_support:16.1.3
-
cpe:2.3:a:beyondtrust:remote_support:16.1.4
-
cpe:2.3:a:beyondtrust:remote_support:16.1.5
-
cpe:2.3:a:beyondtrust:remote_support:16.2.1
-
cpe:2.3:a:beyondtrust:remote_support:16.2.2
-
cpe:2.3:a:beyondtrust:remote_support:16.2.4
-
cpe:2.3:a:beyondtrust:remote_support:16.2.5
-
cpe:2.3:a:beyondtrust:remote_support:16.2.6
-
cpe:2.3:a:beyondtrust:remote_support:16.2.7
-
cpe:2.3:a:beyondtrust:remote_support:16.2.8
-
cpe:2.3:a:beyondtrust:remote_support:16.2.9
-
cpe:2.3:a:beyondtrust:remote_support:17.1.1
-
cpe:2.3:a:beyondtrust:remote_support:17.1.2
-
cpe:2.3:a:beyondtrust:remote_support:17.1.3
-
cpe:2.3:a:beyondtrust:remote_support:17.1.4
-
cpe:2.3:a:beyondtrust:remote_support:17.1.5
-
cpe:2.3:a:beyondtrust:remote_support:18.1.1
-
cpe:2.3:a:beyondtrust:remote_support:18.1.2
-
cpe:2.3:a:beyondtrust:remote_support:18.1.3
-
cpe:2.3:a:beyondtrust:remote_support:18.1.4
-
cpe:2.3:a:beyondtrust:remote_support:18.2.1
-
cpe:2.3:a:beyondtrust:remote_support:18.2.11
-
cpe:2.3:a:beyondtrust:remote_support:18.2.2
-
cpe:2.3:a:beyondtrust:remote_support:18.2.3
-
cpe:2.3:a:beyondtrust:remote_support:18.2.5
-
cpe:2.3:a:beyondtrust:remote_support:18.2.6
-
cpe:2.3:a:beyondtrust:remote_support:18.2.7
-
cpe:2.3:a:beyondtrust:remote_support:18.2.8
-
cpe:2.3:a:beyondtrust:remote_support:18.2.9
-
cpe:2.3:a:beyondtrust:remote_support:19.1.1
-
cpe:2.3:a:beyondtrust:remote_support:19.1.2
-
cpe:2.3:a:beyondtrust:remote_support:19.1.3
-
cpe:2.3:a:beyondtrust:remote_support:19.1.5
-
cpe:2.3:a:beyondtrust:remote_support:19.1.7
-
cpe:2.3:a:beyondtrust:remote_support:19.1.8
-
cpe:2.3:a:beyondtrust:remote_support:23.2.1
-
cpe:2.3:a:beyondtrust:remote_support:23.2.2
-
cpe:2.3:a:beyondtrust:remote_support:24.2.2
-
cpe:2.3:a:beyondtrust:remote_support:24.2.4
-
cpe:2.3:a:beyondtrust:remote_support:24.3.1
-
cpe:2.3:a:beyondtrust:remote_support:24.3.4
-
cpe:2.3:a:beyondtrust:remote_support:25.1.1
-
cpe:2.3:a:beyondtrust:remote_support:9.0.0
-
cpe:2.3:a:beyondtrust:remote_support:9.0.1
-
cpe:2.3:a:beyondtrust:remote_support:9.0.2
-
cpe:2.3:a:beyondtrust:remote_support:9.1.0
-
cpe:2.3:a:beyondtrust:remote_support:9.1.1
-
cpe:2.3:a:beyondtrust:remote_support:9.1.2
-
cpe:2.3:a:beyondtrust:remote_support:9.1.4
-
cpe:2.3:a:beyondtrust:remote_support:9.2.0
-
cpe:2.3:a:beyondtrust:remote_support:9.2.1
-
cpe:2.3:a:beyondtrust:remote_support:9.2.2
-
cpe:2.3:a:beyondtrust:remote_support:9.2.3
-
cpe:2.3:a:beyondtrust:remote_support:9.3.0
-
cpe:2.3:a:beyondtrust:remote_support:9.3.1
-
cpe:2.3:a:beyondtrust:remote_support:9.3.2
-
cpe:2.3:a:beyondtrust:remote_support:9.3.3