好的,我现在需要帮用户总结一篇文章的内容,控制在100字以内,并且不需要特定的开头。首先,我得仔细阅读文章,抓住关键点。 文章主要讲的是BeyondTrust的两个产品,Privileged Remote Access和Remote Support,存在一个严重的漏洞CVE-2026-1731。这个漏洞是命令注入类型,允许未经认证的攻击者远程执行代码。CVSS评分高达9.9,说明风险很高。 漏洞的影响包括系统完全被控制、数据泄露和服务中断。虽然目前没有公开的利用案例,但因为不需要认证和用户交互,攻击者可能很快会利用这个漏洞。 修复方面,云客户已经打了补丁,自托管客户需要升级到特定版本或应用补丁。NodeZero平台提供了快速响应测试来验证漏洞是否存在。 总结的时候,我需要涵盖漏洞名称、影响的产品、攻击方式、CVSS评分、影响后果以及修复建议。确保在100字以内简洁明了地表达出来。 </think> BeyondTrust Privileged Remote Access和Remote Support存在严重漏洞CVE-2026-1731,允许未认证攻击者通过恶意请求远程执行代码。该漏洞CVSS v4评分为9.9,可能导致系统完全控制、数据泄露和服务中断。修复建议包括立即升级到最新版本或应用补丁,并使用NodeZero平台进行验证。 2026-2-11 21:55:34 Author: horizon3.ai(查看原文) 阅读量:2 收藏
BeyondTrust Privileged Remote Access and Remote Support | Pre-Auth Remote Code Execution
CVE-2026-1731 is a critical command injection vulnerability affecting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS). The vulnerability allows unauthenticated remote code execution through specially crafted requests. It carries a CVSS v4 score of 9.9.
Because exploitation requires no authentication and no user interaction, exposed instances are at significant risk. Successful exploitation allows an attacker to execute operating system commands in the context of the site user, potentially leading to full system compromise, data exfiltration, and service disruption.
BeyondTrust reported no evidence of active exploitation at the time of disclosure. However, the technical characteristics make this vulnerability highly attractive to attackers.
Stop Guessing, Start Proving
Technical Details
The vulnerability stems from improper input validation in request handling within BeyondTrust PRA and Remote Support. Specially crafted requests can trigger OS command injection, resulting in remote code execution.
Public technical reporting indicates exploitation can occur via malicious WebSocket requests. However, vendor advisory language broadly describes exploitation through specially crafted client requests.
Attack characteristics:
- Attack vector: Network
- Authentication required: None
- User interaction: None
- Impact: Remote code execution as the site user
- CVSS v4 score: 9.9
An unauthenticated attacker can remotely trigger command execution, making internet-facing or externally accessible deployments particularly exposed.
NodeZero® Offensive Security Platform — Rapid Response
To safely verify if CVE-2026-1731 affects BeyondTrust instances, Horizon3.ai customers can take advantage of the newly released Rapid Response test to confirm exploitability and remediation after patching.
- Run the Rapid Response test — Launch the BeyondTrust PRA and Remote Support CVE-2026-1731 Rapid Response test from the customer portal to assess both internet-facing and internal instances for exploitable command injection exposure.
- Patch immediately — BeyondTrust applied patches to all Remote Support SaaS and Privileged Remote Access SaaS cloud customers as of February 2, 2026. Self-hosted customers should upgrade to a fixed version or apply the appropriate vendor patch.
- Re-run the Rapid Response test — Validate that the vulnerability is no longer exploitable and confirm remediation has effectively removed risk.
Rapid Response helps organizations focus on vulnerabilities attackers are most likely to exploit, allowing security teams to act quickly where exposure is real and validated.
Indicators of Compromise
At the time of disclosure, no specific public indicators of compromise were released. Organizations should monitor for:
- Suspicious or malformed requests targeting BeyondTrust services
- Unexpected command execution activity associated with the BeyondTrust site user
- Anomalous process creation or outbound connections from BeyondTrust hosts
Review system and application logs for unusual request patterns and unexpected command execution behavior.
Affected Versions
- Remote Support: 25.3.1 and prior
- Privileged Remote Access: 24.3.4 and prior
Fixed Versions / Mitigation
- Remote Support SaaS and Privileged Remote Access SaaS cloud customers were patched as of February 2, 2026.
- Self-hosted customers should apply:
- Remote Support: Patch BT26-02-RS (v21.3 through 25.3.1)
- Privileged Remote Access: Patch BT26-02-PRA (v22.1 through 24.x)
- All PRA versions 25.1 and greater do not require patching for this vulnerability.
References
Read about other CVEs
NodeZero® Platform
Implement a continuous find, fix, and verify loop with NodeZero
The NodeZero® platform empowers your organization to reduce your security risks by autonomously finding exploitable weaknesses in your network, giving you detailed guidance around how to priortize and fix them, and having you immediately verify that your fixes are effective.
Recognized By
如有侵权请联系:admin#unsafe.sh