VIR Vulnerability Intelligence Relay

CVE-2026-1731

unknown KEV
Published 2026-02-13 ยท Modified 2026-02-13
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
2.5

Description

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

CISA KEV

Vendor
BeyondTrust
Product
Remote Support (RS) and Privileged Remote Access (PRA)
Due date
2026-02-16

Predictions

Exploit likelihood
99%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27
{Vendor advisory: cisa-kev โ€” Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731}

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Metasploit modules

exploit_linux/http/beyondtrust_pra_rs_command_injection rank 600
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) unauthenticated Remote Code Execution
Source fetch failed: fetch_error โ€” view the original via the link above.

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.