rootxharsh (Author) | Hacktron AI

rootxharsh

(he/him)

CVE-2026-1731: Pre-Auth RCE in BeyondTrust Remote Support & PRA

Hacktron AI's agents identified a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). This has been assigned CVE-2026-1731 with a CVSS 9.9 critical score.

r rootxharsh
s s1r1us
・ February 6, 2026

research
Auditing JDBC Drivers at Scale with Hacktron CLI

How we used Hacktron CLI to audit JDBC drivers at scale, mapping dangerous sinks to user input and turning file primitives into real-world RCEs and bug bounties.

r rootxharsh
・ November 21, 2025

research
SupaPwn: Hacking Our Way into Lovable's Office and Helping Secure Supabase

We hacked our way into Lovable's office by demoing SupaPwn — a chain that could potentially enable region-wide tenant takeover: event-trigger privilege window, DB superuser, host RCE, SUID escalation, exposed configs, orchestration takeover

s s1r1us
r rootxharsh
z zayne
l liveoverflow
・ November 17, 2025

research
Hacktron finds pre-auth RCE in Dassault Delmia Apriso

For years, this vulnerability hid in plain sight — missed by multiple audits and even used in production by Apple. In just ten minutes, Hacktron exposed a full pre‐auth RCE path.

r rootxharsh
・ June 3, 2025

research
Hacktron finds another pre-auth RCE variant in Ivanti EPMM

Hacktron AI uncovers a new pre-authenticated RCE variant in Ivanti EPMM by identifying a fresh EL injection sink.

r rootxharsh
・ May 16, 2025

research