
BeyondTrust has released an update that addresses a critical security flaw affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Successful exploitation could lead to remote code execution.
“Certain older versions of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability,” the company said in an advisory published on February 6, 2026.
“By sending a specially crafted request, an unauthenticated, remote attacker may be able to execute operating system commands in the context of a site user.”
This vulnerability is classified as an Operating System Command Injection and has been assigned the CVE identifier CVE-2026-1731. It is rated 9.9 on the CVSS scoring system.
BeyondTrust said that successful exploitation of this flaw could allow an unauthenticated, remote attacker to execute operating system commands in the context of a site user, potentially resulting in unauthorized access, data disclosure, or service interruption.
This issue affects the following versions:
- Remote Support version 25.3.1 and earlier
- Privileged Remote Access version 24.3.4 and earlier
The following versions have been patched:
- Remote Support – Patch BT26-02-RS, 25.3.2 or later
- Privileged Remote Access – Patch BT26-02-PRA, 25.1.1 or later
The company is also reminding self-hosted Remote Support and Privileged Remote Access customers to apply the patch manually if their instances are not registered for automatic updates. If you are running a version of Remote Support older than 21.3 or Privileged Remote Access older than 22.1, you must also upgrade to a newer version in order to apply this patch.
“PRA self-hosted customers may also upgrade to version 25.1.1 or later to fix this vulnerability,” it added.
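The version ranges above can be turned into an inventory triage. The following is an added example, not BeyondTrust tooling or code from the advisory: the status labels, the `patch_applied` flag (assumed to come from the operator's own change records) and the sample hosts are all constructed for illustration.

```python
import re

# Version thresholds and patch names as quoted in the article; tuple layout is this example's own.
RULES = {
    "RS": {"affected_max": (25, 3, 1), "fixed_min": (25, 3, 2),
           "patch": "BT26-02-RS", "patch_floor": (21, 3, 0)},
    "PRA": {"affected_max": (24, 3, 4), "fixed_min": (25, 1, 1),
            "patch": "BT26-02-PRA", "patch_floor": (22, 1, 0)},
}

def parse_version(text):
    """Turn '25.3.1' or '21.3' into a 3-tuple of ints; reject anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,2}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))

def triage(product, version, patch_applied=False):
    """Classify one instance; patch_applied is the operator's own record (assumption)."""
    rule = RULES[product]
    v = parse_version(version)
    if v >= rule["fixed_min"]:
        return "fixed-release"
    if v > rule["affected_max"]:
        # Above the affected ceiling but below the fixed release: the article lists neither.
        return "unlisted-check-advisory"
    if v < rule["patch_floor"]:
        # Too old to take the patch directly, whatever the inventory claims.
        return "upgrade-then-patch"
    return "patched" if patch_applied else "apply-" + rule["patch"]

def triage_inventory(rows):
    """rows: (host, product, version, patch_applied) -> {host: status}."""
    return {host: triage(prod, ver, done) for host, prod, ver, done in rows}

# Constructed sample inventory; hostnames and versions are illustrative only.
INVENTORY = [
    ("rs-01.example.internal", "RS", "25.3.1", False),
    ("rs-02.example.internal", "RS", "21.2.3", False),
    ("pra-01.example.internal", "PRA", "24.3.4", True),
    ("pra-02.example.internal", "PRA", "25.1.0", False),
]

if __name__ == "__main__":
    for host, status in triage_inventory(INVENTORY).items():
        print(f"{host:26} {status}")
```

PRA versions between 24.3.4 and 25.1.1 are reported as `unlisted-check-advisory` because the article names them in neither the affected nor the fixed range.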
Harsh Jaiswal, security researcher and co-founder of Hacktron AI, said the vulnerability was discovered on January 31, 2026 through artificial intelligence (AI)-enabled variant analysis, adding that approximately 11,000 instances were found exposed to the internet. Additional details of the flaw are being withheld to give users time to apply the patch.
“About 8,500 of these are on-premises deployments, which remain potentially vulnerable if not patched,” Jaiswal said.
Security flaws in BeyondTrust Privileged Remote Access and Remote Support have been exploited in the past, so it is important for users to update to the latest version as soon as possible for optimal protection.
