BeyondTrust warned of a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) in Remote Support and Privileged Remote Access that allows unauthenticated attackers to execute OS commands via crafted client requests. The vendor has secured cloud instances and urged on‑premises customers to upgrade to Remote Support 25.3.2 and Privileged Remote Access 25.1.1 to mitigate exposure affecting roughly 11,000 internet-facing instances.
Key points
- The flaw is a pre-auth OS command injection, tracked as CVE-2026-1731, impacting Remote Support (RS) 25.3.1 and earlier and Privileged Remote Access (PRA) 24.3.4 and earlier.
- Harsh Jaiswal and the Hacktron AI team discovered the vulnerability, which can be exploited with low complexity and no user interaction.
- BeyondTrust secured all cloud RS/PRA systems by February 2, 2026, and advised on‑prem customers to manually apply patches if automatic updates are not enabled.
- Previous real-world attacks on BeyondTrust (involving stolen API keys and zero-days) have been linked to the Silk Typhoon threat actor, underscoring the high-impact risk of RCE bugs.