Forwarded from National Cybersecurity Information Sharing and Analysis Center: Cybersecurity Alert NISAC-200-202602-00000092
[Content Description]
Researchers have discovered an OS Command Injection vulnerability (CVE-2026-1731) in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). An unauthenticated remote attacker could inject arbitrary operating system commands and execute them on the server.
This vulnerability has already been exploited by hackers. Please confirm and patch it as soon as possible.
[Affected Platforms]
Remote Support versions 25.3.1 and earlier
Privileged Remote Access versions 24.3.4 and earlier
[Recommended Actions]
An official patch has been released to address this vulnerability. Please refer to the official instructions for updating. The URL is as follows: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
[References]
1. https://nvd.nist.gov/vuln/detail/CVE-2026-1731
2. https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
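
For the "confirm" step, the following added example (not part of the alert and not BeyondTrust tooling) checks an asset inventory against the version ceilings listed under [Affected Platforms]. The `host,product,version` CSV layout, the `RS`/`PRA` aliases and the hostnames are assumptions made for illustration.

```python
import csv
import re

# Highest affected version per product, from the alert's "Affected Platforms" list.
AFFECTED_MAX = {"remote support": (25, 3, 1), "privileged remote access": (24, 3, 4)}
ALIASES = {"rs": "remote support", "pra": "privileged remote access"}  # assumed short names

# Constructed sample inventory (host,product,version); hostnames are made up.
SAMPLE_INVENTORY = """\
bastion-01,Remote Support,25.3.1
bastion-02,RS,25.3.2
pam-01,Privileged Remote Access,24.3.4
pam-02,PRA,24.2
pam-03,PRA,25.1.1
lab-01,Remote Support,unknown
"""

def parse_version(text):
    """Turn '24.3.4' or '24.2' into a 3-tuple of ints; None if not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version):
    """Return 'affected', 'not-listed' or 'unknown' for one inventory entry."""
    name = product.strip().lower()
    limit = AFFECTED_MAX.get(ALIASES.get(name, name))
    parsed = parse_version(version)
    if limit is None or parsed is None:
        return "unknown"  # unrecognised product or version string: check by hand
    return "affected" if parsed <= limit else "not-listed"

def triage(inventory_text):
    """Map each host in a host,product,version CSV to its classification."""
    results = {}
    for row in csv.reader(inventory_text.splitlines()):
        if len(row) == 3:  # skip blank or malformed lines
            host, product, version = row
            results[host.strip()] = classify(product, version)
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

A `not-listed` result only means the reported version string is above the range given in this alert; confirm patch status against the vendor advisory.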