BeyondTrust has released patches for a critical pre-authentication remote code execution flaw in Remote Support and older Privileged Remote Access that could allow an unauthenticated attacker to execute OS commands (CVE-2026-1731), rated 9.9 CVSS. Self-hosted users must apply the BT26-02-RS or BT26-02-PRA patches or upgrade to the fixed versions immediately after researcher Harsh Jaiswal (Hacktron AI) found roughly 11,000 internet-exposed instances, including about 8,500 on-prem deployments. #BeyondTrust #CVE-2026-1731
Keypoints
- Critical pre-authentication remote code execution vulnerability (CVE-2026-1731) affects BeyondTrust products and scores 9.9 on CVSS.
- Impacted versions: Remote Support 25.3.1 and prior, Privileged Remote Access 24.3.4 and prior.
- Patches available: Remote Support 25.3.2 (BT26-02-RS) and Privileged Remote Access 25.1.1 (BT26-02-PRA); apply manually if not on automatic updates.
- Successful exploitation can execute OS commands as the site user, leading to unauthorized access, data exfiltration, and service disruption.
- Vulnerability discovered Jan 31, 2026 via AI-enabled analysis by Harsh Jaiswal (Hacktron AI), with ~11,000 exposed instances (≈8,500 on-prem).
Read More: https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html