Vulnerability intelligence
CVE-2026-1731
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
CVSS Score
9.9
Critical
EPSS — Exploit Probability
80%
Riskier than 99% of all CVEs
Exploitation
Confirmed in the wild
Used in ransomware campaigns
Remediation
Patch available
Federal deadline 2026-02-16
CISA required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Deadline for federal agencies: 2026-02-16.
4 articles across 3 outlets · first covered Apr 7, 2026 · latest Apr 21, 2026
Associated threat actors
Coverage timeline
-
Bomgar CVE-2026-1731 Exploited in Supply Chain, LockBit Deployedwww.darkreading.com · Apr 21, 2026
-
Darktrace calls for unified AI security beyond point fixeswww.darktrace.com · Apr 8, 2026
-
Storm-1175 Deploys Medusa Ransomware at 'High Velocity'www.darkreading.com · Apr 7, 2026
-
China linked Medusa gang uses zero days to hit UK health, financethehackernews.com · Apr 7, 2026