CVE-2026-1731

Critical KEV CVSS: 9.9

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Vendor

Beyondtrust

Product

Privileged Remote Access

CWE

CWE-78

Yayın Tarihi

2026-02-06 22:16:11

Güncelleme

2026-02-17 13:40:10

Source Identifier

13061848-ea10-403d-bd75-c83a022c2891

KEV Date Added

2026-02-13

Kategoriler

CWE-78 Privileged Remote Access CRITICAL Beyondtrust 2026

Referanslar

https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293 https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 https://github.com/win3zz/CVE-2026-1731 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731 https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731

Benzer Kayıtlar

High

CVE-2025-2297

Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challe…

High

CVE-2025-6250

Prior to 25.4.270.0, when wmic.exe is elevated with a full admin token the user can stop the Defendpoint service, bypass…

High

CVE-2025-5309

The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template I…

High

CVE-2025-0217

BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A loc…

High

CVE-2025-0889

Prior to 25.2, a local authenticated attacker can elevate privileges on a system with Privilege Management for Windows i…