AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (known ransomware use) (CISA Known Exploited Vulnerabilities catalog)

CVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability

infovulnerability🔥 Weaponized

security

Source: CISA Known Exploited VulnerabilitiesFebruary 12, 2026CVE-2026-1731

Summary

BeyondTrust Remote Support and Privileged Remote Access products contain an OS command injection vulnerability (a flaw that lets attackers run unauthorized system commands), which allows unauthenticated attackers to execute commands without needing login credentials or user action, potentially leading to system compromise and data theft. This vulnerability is currently being exploited by attackers in the wild. The vulnerability affects both on-premises and cloud versions of these products.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Check BeyondTrust's security advisories at https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 for specific patching or mitigation steps. The vendor's guidelines should be used to assess exposure and check for signs of compromise on all internet-accessible BeyondTrust products.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 66.1%

Exploit Maturity

🔥 Weaponized

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-78

CAPEC (Attack Pattern)

CAPEC-88

Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-1731

First tracked: February 13, 2026 at 11:00 PM

Classified by LLM (prompt v3) · confidence: 95%