CVE-2026-1731
CISA KEV · Published February 13, 2026 · Updated April 3, 2026
What This Means
## CVE-2026-1731: BeyondTrust Remote Support and PRA OS Command Injection

**What it is:** BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary operating system commands without credentials or user interaction.

**Impact:** Successful exploitation grants attackers command execution in the site user context, enabling system compromise, unauthorized access, data theft, and denial of service.

**What to do:** Immediately identify all BeyondTrust RS and PRA deployments in your environment. Check BeyondTrust security advisories for patched versions and apply updates as soon as available. Until patching is complete, restrict network access to these services and monitor for suspicious command execution patterns in application and OS logs.
Official Description
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
Affected Products
| Vendor | Product |
|---|---|
| BeyondTrust | Remote Support (RS) and Privileged Remote Access (PRA) |
Patch Status
Recommended Actions
- Check if your systems use any of the affected products listed above.
- Apply vendor patches immediately if available.
- This vulnerability is in CISA's Known Exploited Vulnerabilities catalog — prioritize remediation.
- Monitor vendor advisories for updates and additional mitigations.
- Review logs for indicators of compromise related to CVE-2026-1731.