# CVE-2026-1731

> BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

- **CVSS:** 9.8 (CRITICAL)
- **EPSS:** 79.6%
- **CISA KEV:** yes (known ransomware use)
- **CWE:** CWE-78

Canonical: https://intel.threadlinqs.com/cve/CVE-2026-1731
Full threat coverage + IOCs via the Threadlinqs MCP server (Purple tier): https://intel.threadlinqs.com/mcp