CVE-2026-1731

216.73.216.233

· Published 13/02/2026 01:00 · Modified 20/02/2026 14:14 · Author: Cybersecurity and Infrastructure Security Agency

Labels: CVE-2026-1731 13061848-ea10-403d-bd75-c83a022c2891 2026-02-06 CVE-2026-1731 CWE-78

Essential information

Published: 13/02/2026 01:00
Modified: 20/02/2026 14:14
Author: Cybersecurity and Infrastructure Security Agency
Creator: Cybersecurity and Infrastructure Security Agency
CVSS: 9.8 CRITICAL (v3.1) 9.9 CRITICAL (v4.0)
CISA KEV: Yes
CWE: —
CVSS vector: CVSS:3.1/AV:N/C:H/I:H/A:H

CVSS metrics

Description

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: 13061848-ea10-403d-bd75-c83a022c2891
NVD: View on NVD

Affected products (CPE)

Product	CPE
beyondtrust / beyondtrust remote support	`cpe:2.3:a:beyondtrust:beyondtrust_remote_support::::::::`
beyondtrust / privileged remote access	`cpe:2.3:a:beyondtrust:privileged_remote_access::::::::`

CVE-2026-1731

Essential information

CVSS metrics

Description

NVD status

Affected products (CPE)

References

Related entities

Attack reports (9)