BeyondTrust has urgently released security updates to address a critical remote code execution (RCE) vulnerability affecting its widely used Remote Support (RS) and Privileged Remote Access (PRA) products.
Designated as CVE-2026-1731, this severe flaw carries a near-maximum CVSS v4 score of 9.9.
The vulnerability creates a dangerous opening for unauthenticated remote attackers to execute arbitrary operating system commands.
By sending specially crafted requests to a vulnerable instance, a threat actor can gain unauthorized access without needing any credentials or user interaction.
Security researchers at Hacktron AI discovered the issue through AI-enabled variant analysis and worked closely with the vendor to ensure a rapid fix before widespread abuse could occur.
Successful exploitation allows the attacker to operate within the context of the site user, potentially leading to total system compromise, data exfiltration, and significant service disruption.
Exposure analysis via Shodan indicates that approximately 11,000 instances are currently visible on the internet, with nearly 8,500 on-premise deployments remaining at high risk if they have not yet applied the necessary updates.

| CVE ID | CVSS Score | Description |
|---|---|---|
| CVE-2026-1731 | 9.9 (Critical) | A pre-authentication remote code execution vulnerability in Remote Support (RS) and Privileged Remote Access (PRA) allowing command injection via crafted client requests. |

BeyondTrust acted swiftly following the initial disclosure report submitted on January 31, 2026.
The vendor automatically applied patches to all Remote Support SaaS and Privileged Remote Access SaaS environments by February 2, 2026, effectively securing cloud-hosted customers against this threat.
However, organizations utilizing self-hosted on-premise appliances must manually apply the security update immediately.
Administrators should verify their configurations, as instances not subscribed to automatic updates in the appliance interface remain vulnerable to potential exploitation.

| Product | Affected Versions | Remediation / Fixed Version |
|---|---|---|
| Remote Support (RS) | 25.3.1 and prior | Patch BT26-02-RS (v21.3 – 25.3.1) or Upgrade to 25.3.2+ |
| Privileged Remote Access (PRA) | 24.3.4 and prior | Patch BT26-02-PRA (v22.1 – 24.X) or Upgrade to 25.1.1+ |

Customers operating on older versions of the software face additional requirements.
Those using Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must first upgrade to a newer supported version to apply the patch.
Alternatively, self-hosted PRA customers can remediate the vulnerability by upgrading directly to version 25.1.1 or newer.
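The version rules above can be applied to an inventory of self-hosted appliances to sort them by remediation path. This is an added example, not code from BeyondTrust or the original article; the host names and inventory are constructed, and the function names are hypothetical.

```python
import re

# Version bounds transcribed from the article's remediation table.
RULES = {
    "RS":  {"patch": "BT26-02-RS",  "patch_min": (21, 3, 0),
            "last_affected": (25, 3, 1), "first_fixed": (25, 3, 2)},
    "PRA": {"patch": "BT26-02-PRA", "patch_min": (22, 1, 0),
            "last_affected": (24, 3, 4), "first_fixed": (25, 1, 1)},
}

def parse_version(text):
    """Turn '24.3.4' or 'v21.3' into a 3-tuple; a missing part becomes 0."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p or 0) for p in m.groups())

def triage(product, version):
    """Classify one self-hosted appliance by product ('RS' or 'PRA') and version."""
    rule = RULES[product.upper()]
    v = parse_version(version)
    if v >= rule["first_fixed"]:
        return "fixed"
    if v > rule["last_affected"]:
        # The article gives no status for builds between the two bounds.
        return "unknown: confirm against the vendor advisory"
    if v < rule["patch_min"]:
        return "affected: upgrade to a supported version before patching"
    # A version number alone cannot show whether the patch is already installed.
    return f"affected unless {rule['patch']} is applied"

# Constructed inventory: (host, product, reported version).
INVENTORY = [
    ("rs-dmz-01", "RS", "25.3.1"),
    ("rs-lab-02", "RS", "20.1.4"),
    ("pra-core-01", "PRA", "24.3.4"),
    ("pra-core-02", "PRA", "25.1.0"),
    ("pra-new-03", "PRA", "25.1.1"),
]

def report(inventory):
    """Map each host to its triage result."""
    return {host: triage(product, ver) for host, product, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:12} {status}")
```

Hosts reported as "affected unless ... is applied" still need the patch status confirmed on the appliance itself, since the patch does not necessarily change the version number.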
The discovery was made possible through Hacktron AI’s autonomous agents, which identified the command injection flaw.
Given the ease of exploitation and the high value of targets using these privileged access tools, security teams are advised to prioritize this patch immediately.



