BeyondTrust has issued significant updates to rectify a severe security vulnerability identified in its Remote Support (RS) and Privileged Remote Access (PRA) applications. Exploiting this flaw could potentially lead to remote code execution (RCE), posing a substantial risk to affected systems.
Understanding the Vulnerability
The security flaw, detailed by BeyondTrust in an advisory on February 6, 2026, involves a pre-authentication RCE vulnerability that impacts certain versions of RS and PRA. This issue, labeled as CVE-2026-1731, has been rated 9.9 on the CVSS scale, indicating its critical nature. The flaw allows unauthenticated attackers to send maliciously crafted requests, enabling them to execute system commands with the same privileges as the site user.
Affected Versions and Patches
The vulnerability targets Remote Support versions 25.3.1 and earlier, as well as Privileged Remote Access versions 24.3.4 and earlier. BeyondTrust has released patches to address this issue in Remote Support version 25.3.2 and later, and Privileged Remote Access version 25.1.1 and later. The company has stressed the importance of applying these patches promptly to mitigate potential risks.
Manual Update Recommendations
BeyondTrust advises self-hosted users of both RS and PRA to manually implement the updates if their systems do not automatically receive them. Those operating Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must upgrade to a newer release to apply the necessary patches. The company also highlighted that users of PRA should consider upgrading to version 25.1.1 or newer to fully address the vulnerability.
Harsh Jaiswal, a security researcher and co-founder of Hacktron AI, identified the flaw on January 31, 2026, using AI-driven variant analysis. He reported approximately 11,000 exposed instances on the internet, with around 8,500 being on-premise deployments that remain at risk if patches are not installed.
Importance of Timely Updates
Given BeyondTrust’s history of vulnerabilities being actively exploited, it is crucial for users to update their systems promptly. By doing so, they can ensure robust protection against potential unauthorized access, data breaches, and service disruptions.
As cybersecurity threats continue to evolve, consistently applying security patches remains a vital defense strategy for organizations relying on BeyondTrust’s remote access solutions.
