CVE-2026-1731

Sažetak

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Reference

https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_article=KB0023293
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
https://github.com/win3zz/CVE-2026-1731
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-1731
https://www.greynoise.io/blog/reconnaissance-beyondtrust-rce-cve-2026-1731

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

17-02-2026 - 13:40

Objavljeno

06-02-2026 - 22:16