BeyondTrust Addresses Critical Pre-Authentication Remote Code Execution Vulnerability in Remote Support and Privileged Remote Access Products
BeyondTrust has recently released critical updates to rectify a severe security vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. This flaw, if exploited, could allow unauthenticated remote attackers to execute operating system commands, potentially leading to unauthorized access, data exfiltration, and service disruptions.
The vulnerability, identified as CVE-2026-1731, is classified as an operating system command injection with a CVSS score of 9.9, indicating its high severity. It impacts the following versions:
– Remote Support versions 25.3.1 and earlier
– Privileged Remote Access versions 24.3.4 and earlier
To mitigate this issue, BeyondTrust has released patches:
– Remote Support: Patch BT26-02-RS, version 25.3.2 and later
– Privileged Remote Access: Patch BT26-02-PRA, version 25.1.1 and later
Self-hosted customers are advised to manually apply these patches if their systems are not configured for automatic updates. Those operating on Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must upgrade to newer versions to apply the necessary patches.
The vulnerability was discovered on January 31, 2026, by security researcher and Hacktron AI co-founder Harsh Jaiswal through AI-enabled variant analysis. Approximately 11,000 instances exposed to the internet were identified, with around 8,500 being on-premises deployments that remain vulnerable if patches are not applied.
Given the history of active exploitation of vulnerabilities in BeyondTrust’s products, it is imperative for users to update to the latest versions promptly to ensure optimal security.
