BeyondTrust has issued critical security updates for its Remote Support (RS) and Privileged Remote Access (PRA) products, addressing a pre-authentication remote code execution flaw. This vulnerability, if exploited, could allow unauthenticated attackers to execute operating system commands on affected systems, posing a significant risk to enterprise security and network security.
The company disclosed the critical security flaw in an advisory released on February 6, 2026. The vulnerability, identified as CVE-2026-1731, carries a maximum CVSS score of 9.9, indicating a severe risk. Successful exploitation could grant attackers unauthorized access, enable data exfiltration, and lead to service disruptions.
BeyondTrust Addresses Critical Remote Code Execution Vulnerability
The critical vulnerability resides within BeyondTrust Remote Support and certain older versions of Privileged Remote Access. According to BeyondTrust, an unauthenticated remote attacker can exploit the flaw by sending specially crafted requests. This could allow them to execute operating system commands in the context of the site user, bypassing authentication mechanisms.
Affected Versions and Patching Information
The security flaw impacts Remote Support versions 25.3.1 and prior, as well as Privileged Remote Access versions 24.3.4 and prior. BeyondTrust has released patches to mitigate this risk. Customers using Remote Support should update to patch BT26-02-RS, version 25.3.2, or later. For Privileged Remote Access, the recommended update is patch BT26-02-PRA, version 25.1.1, or later.
BeyondTrust strongly urges self-hosted customers utilizing Remote Support and Privileged Remote Access to manually apply the provided patches if their systems are not configured for automatic updates. Customers running Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 are also advised to upgrade to a newer version before applying the fix to ensure complete remediation.
Self-hosted Privileged Remote Access customers can also address this vulnerability by upgrading to version 25.1.1 or a subsequently released version.
Discovery and Implications of the Vulnerability
Security researcher Harsh Jaiswal, co-founder of Hacktron AI, reportedly discovered the vulnerability on January 31, 2026, utilizing an artificial intelligence-enabled variant analysis. Jaiswal indicated that approximately 11,000 instances of the affected software were exposed to the internet. He noted that around 8,500 of these are on-premise deployments, which remain potentially vulnerable if the necessary patches are not applied promptly.
The company has withheld further technical details regarding the flaw to provide users with adequate time to implement the necessary security patches. Given BeyondTrust’s history with previous security flaws in its Privileged Remote Access and Remote Support products being actively exploited, prompt patching is paramount for maintaining robust network security.
The successful exploitation of this critical vulnerability could have far-reaching consequences for organizations relying on these remote access solutions. The ability for an attacker to execute arbitrary operating system commands remotely opens the door to significant security breaches, including the compromise of sensitive data and extensive operational disruptions.
BeyondTrust’s proactive release of patches and advisories underscores the severity of CVE-2026-1731. Organizations that utilize BeyondTrust Remote Support and Privileged Remote Access must prioritize the immediate application of these updates to safeguard their infrastructure and sensitive information. The coming weeks will be crucial in determining the extent to which organizations have adopted these patches and, consequently, their exposure to potential attacks leveraging this critical flaw.