Critical Vulnerability in BeyondTrust Allows Remote Code Execution

A newly disclosed critical vulnerability in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) platforms poses a significant risk to numerous organizations globally. This flaw, identified as CVE-2026-1731, allows unauthenticated remote code execution and is categorized under CWE-78, commonly known as OS Command Injection.

Understanding the Vulnerability

The vulnerability enables attackers to execute arbitrary system commands without requiring authentication or user engagement. By sending specially crafted requests, malicious actors can exploit this flaw to trigger command execution within the vulnerable BeyondTrust systems.

This poses a significant threat as it eliminates the need for prior access credentials or social engineering, making it a prime target for attackers aiming to infiltrate enterprise remote access infrastructures. The potential consequences include unauthorized access to sensitive information, disruption of critical services, and possible lateral movement within the network.

Impacted Versions and Immediate Actions

The vulnerability affects Remote Support versions 25.3.1 and earlier, as well as Privileged Remote Access versions 24.3.4 and older. Organizations using these versions are urged to take swift action to secure their systems.

BeyondTrust has already deployed automatic patches for SaaS customers as of February 2, 2026. For those with self-hosted deployments, immediate manual patch application is necessary. Remote Support users should apply patch BT26-02-RS, while Privileged Remote Access users need patch BT26-02-PRA through their /appliance interface if automatic updates are not active.

Preventive Measures and Future Outlook

Customers with older versions, specifically Remote Support older than 21.3 and Privileged Remote Access older than 22.1, must upgrade to a supported version before applying the security patches. Alternatively, self-hosted PRA users can upgrade to version 25.1.1 or later, and Remote Support users to version 25.3.2 or beyond for full protection.

The vulnerability was identified by Harsh Jaiswal and the Hacktron AI team, who used advanced AI-enabled variant analysis techniques. BeyondTrust praised their responsible disclosure, which allowed the company to develop and distribute patches before any public exploitation.

Organizations utilizing affected BeyondTrust products should prioritize these security updates to mitigate the risk of exploitation. Stay informed with our updates on Google News, LinkedIn, and X for the latest in cybersecurity developments.