Fixed Intel

CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Feb 16, 2026

CVE-2026-1731

High
EPSS 68.6%CISA KEVRansomware
BeyondTrust/Remote Support (RS) and Privileged Remote Access (PRA)

Description

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

EPSS — Exploit Probability

68.6%

Higher than 98.6% of all CVEs

Required Action

Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731

Related Articles (1)

Industry News

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Your weekly cybersecurity roundup covering the latest threats, exploits, vulnerabilities, and security news you need to know.

Mar 9, 2026

Risk Assessment

CRITICAL
In CISA KEV
High EPSS
Ransomware

Details

Severity
High
EPSS
68.6%
CISA KEV
Yes
Ransomware
Known
Articles
1

Timeline

Published

Feb 13, 2026

Added to KEV

Feb 13, 2026

Remediation Due

Feb 16, 2026

Affected Product

BeyondTrust

Remote Support (RS) and Privileged Remote Access (PRA)

View all BeyondTrust CVEs

External Links

NVD (NIST)CVE DetailsMITRE CVE