
Vulnerability Summary
- Identifier: CVE-2026-1731
- Severity: Critical (CVSS 4.0 base score ~9.9)
- Type: Pre-authentication remote code execution (RCE) via OS command injection
- Affected Software:
  - BeyondTrust Remote Support (RS)
  - Certain older versions of BeyondTrust Privileged Remote Access (PRA)
Technical Details
- This flaw is an operating-system command injection issue. It arises from improper neutralization of special elements in commands that the application constructs and executes.
- An unauthenticated remote attacker can send a specially crafted request to the vulnerable service and cause it to execute arbitrary OS commands in the context of the site user, without needing to log in first.
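The bug class described above (CWE-78), shown as an added example that is not BeyondTrust code and not taken from the advisory: the same request value reaches a shell-built command, an argv-only call, and an allowlisted call. The function names, the hostname-lookup scenario and the probe string are constructed for illustration.

```python
import re
import subprocess

# Constructed illustration of CWE-78. Function names and the "hostname
# lookup" scenario are hypothetical, not taken from the affected products.

# Strict allowlist for a DNS hostname: letters, digits, hyphens, dots only.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"(?=.{{1,253}}\Z){_LABEL}(?:\.{_LABEL})*")


def run_unsafe(hostname: str) -> str:
    """Vulnerable pattern: request data is concatenated into a shell string."""
    command = "echo resolving " + hostname  # /bin/sh interprets ';', '|', '$()'
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


def run_argv(hostname: str) -> str:
    """No shell: the value is passed as one argv element and stays data."""
    argv = ["echo", "resolving", hostname]
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


def run_hardened(hostname: str) -> str:
    """Validate against the allowlist, then avoid the shell.

    The allowlist also rejects values starting with '-', which an argv-only
    call would still pass to the program as an option.
    """
    if not HOSTNAME_RE.fullmatch(hostname):
        raise ValueError("rejected: not a valid hostname")
    return run_argv(hostname)


if __name__ == "__main__":
    probe = "host.example; echo INJECTED"  # constructed, harmless input
    print(repr(run_unsafe(probe)))  # the shell runs a second command
    print(repr(run_argv(probe)))    # the whole string is echoed literally
    try:
        run_hardened(probe)
    except ValueError as exc:
        print(exc)
```
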
Impact
- Remote Code Execution: Attackers can run arbitrary system commands on the host.
- Unauthorized Access: Because no authentication is required, attackers don’t need valid credentials.
- Potential Consequences:
  - Full system compromise on affected servers
  - Data theft or exfiltration
  - Disruption of service or lateral movement within a network
Exploitability
- The vulnerability is highly exploitable because:
  - No authentication is required.
  - Triggering the flaw only requires sending crafted input over a reachable network interface.
Mitigation / Remediation
- Apply updates: BeyondTrust has released advisories and patches for affected RS and PRA releases. Upgrade to the fixed versions as recommended in the BT26-02 advisory from BeyondTrust’s trust/security center.
- Network controls: Until patched, use firewalls/ACLs to restrict access to management interfaces from untrusted networks.
Summary
CVE-2026-1731 is a critical remote code execution vulnerability affecting BeyondTrust’s remote access/support tools. Because it can be exploited without authentication and allows operating-system command execution, it poses a significant risk in enterprise environments. Prioritize applying vendor patches and restricting network access to mitigate exploitation.



