← Volver a CVEs
CVE-2026-1731
CRITICALCISA KEV9.8
Descripcion
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado2/6/2026
Ultima modificacion2/17/2026
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorBeyondTrust
ProductoRemote Support (RS) and Privileged Remote Access (PRA)
Nombre vulnerabilidadBeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
Fecha inclusion KEV2026-02-13
Fecha limite remediacion2026-02-16
Uso en ransomwareKnown
Productos afectados
beyondtrust:privileged_remote_accessbeyondtrust:remote_support
Debilidades (CWE)
CWE-78
Referencias
https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293(13061848-ea10-403d-bd75-c83a022c2891)
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02(13061848-ea10-403d-bd75-c83a022c2891)
https://github.com/win3zz/CVE-2026-1731(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.