CVE-2026-1731

actively exploited

malware scan severity analysis detection code search

CVE-2026-1731 is an unauthenticated OS command injection vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) that allows remote attackers to achieve arbitrary code execution through unsafe Bash arithmetic evaluation in WebSocket communications. The vulnerability requires no authentication and can be exploited pre-authentication, making it suitable for direct network access. Active exploitation has been documented in ransomware campaigns following public proof-of-concept release. rdintel-analysis

9.9

cvss critical

common vulnerability scoring system v3.1. measures intrinsic severity on a 0-10 scale.

epss 0.7555

exploitation prediction scoring system. probability this vulnerability will be exploited in the wild in the next 30 days.

kev yes

cisa known exploited vulnerabilities catalog. confirmed active exploitation. rdintel-analysisseverity and description assessed by rdintel before official nvd publication.

exploitation detection attribution advisories media timeline

activity density

rdintel assessment

actively exploited. patch immediately.

ransomware in use.

flagged malicious repos detected. do not execute.

detection rules available.

composite score from 15+ signals including exploitation status, epss probability, detection coverage, and community attention. 0-100 scale.

exploitation

actively exploited

Vendor - Product Name

Apply vendor-provided patches

poc repositories (3)

researcher/exploit-poc - 42 stars - Python

security-lab/cve-checker - 18 stars - Go

detection

nuclei-template-id - critical - by projectdiscovery

sigma-rule-title - high - windows

timeline

2024-01-15 - published - CVE record created

2024-01-18 - poc - First exploit code published

2024-01-20 - kev - Added to known exploited

pocs, detection rules, timeline, advisories, and more