Summary
Key Points:
- CVE-2026-1731 is a critical unauthenticated Remote Code Execution (RCE) vulnerability in BeyondTrust Remote Support and Privileged Remote Access products, allowing attackers to execute arbitrary commands remotely.
- The vulnerability affects Remote Support versions 25.3.1 and prior, and Privileged Remote Access versions 24.3.4 and prior, with a CVSSv4 score of 9.9. Approximately 8,500 on-premises instances are exposed to the internet, making them high-priority targets.
- Immediate action is required: apply the vendor-provided patches for affected versions to mitigate risks.
Technical Details: CVE-2026-1731 allows unauthenticated attackers to send specially crafted requests that execute arbitrary operating system commands in the context of the site user.
MITRE ATT&CK Techniques:
- T1203 - Exploit Public-Facing Application (Initial Access)
IOCs Mentioned: None mentioned
Join the discussion — sign up to comment, upvote, and save articles.