CVE-2026-1731 | defend.network

What is CVE-2026-1731?

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

CVSS9.8 NVD 3.1

SeverityCRITICAL

Exploitation In the wild In CISA KEV

Triage statusActive Exploit

ActionPatch immediately

CVSS vectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA Known Exploited Vulnerability

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

Added to KEV2026-02-13

Federal patch deadline2026-02-16

Known ransomware useKnown

Affected product

BeyondTrust Remote Support (RS) And Privileged Remote Access (PRA)

References

Coverage on defend.network

Docker & npm supply-chain hits; Lotus Wiper on Venezuelan energy (2026-04-23)
Russian APT token theft; Gentlemen ransomware claims 1,570 victims (2026-04-22)

🤖 This CVE page is generated by defend.network from NVD, CISA KEV, EPSS, and our verified daily briefings. Severity and exploitation data come from official sources; always verify remediation steps against the official vendor advisory before acting in production.

What is CVE-2026-1731?

CISA Known Exploited Vulnerability

Affected product

References

Coverage on defend.network

Get Critical CVE Alerts