CVE•Published 2026-02-06•2 articles on news•6 live references•NVD data

CVE-2026-1731

Vulnerability data via CVEDB (Shodan)

CISA action: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.

CVSS v3.1

9.9

CRITICAL

EPSS percentile

100

Exploit Prediction Scoring System · top 0% of all CVEs

Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

Timeline

Published 2026-02-06

External references

NVD MITRE Exploit-DB Sploitus trickest/cve VulnCheck

Search for exposed instances

Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).

Shodan · vuln tag0 hosts

vuln:CVE-2026-1731

Hosts Shodan has explicitly fingerprinted as vulnerable.

Shodan · product

product:"Beyondtrust Privileged Remote Access"

All exposed Beyondtrust Privileged Remote Access instances — cross-reference with the CVE's affected-version range.

Shodan · banner/body mention

http.html:"Privileged Remote Access"

HTTP body or banner mentions "Privileged Remote Access" — catches deploys Shodan didn't identify as a product.

More intel sources (5)

Shodan report

vuln:CVE-2026-1731