BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely.

BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted requests and run operating system commands remotely, without logging in.

The issue, disclosed on February 6, 2026, could lead to full remote code execution if exploited, making the updates essential to prevent abuse.

“BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability,” reads the advisory. “By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.”

Exploiting the flaw would let a remote attacker run system commands without authentication or user interaction, potentially leading to full system compromise, data theft, and service disruption.

“Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user,” continues the advisory.
“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.”

The vulnerability impacts:

Remote Support versions 25.3.1 and prior
Privileged Remote Access versions 24.3.4 and prior

Below are the fixed software versions:

| Product | Version |
| --- | --- |
| Remote Support | Patch BT26-02-RS, 25.3.2 and later |
| Privileged Remote Access | Patch BT26-02-PRA, 25.1.1 and later |

Harsh Jaiswal and the Hacktron AI team reported the vulnerability.

SaaS customers were automatically protected, as the fix was deployed to all Remote Support and Privileged Remote Access cloud environments on February 2, 2026. For self-hosted deployments, administrators must manually install the patch if automatic updates are not enabled. Systems running older versions must first upgrade to a supported release before applying the fix. In particular, PRA self-hosted customers can resolve the flaw by upgrading to version 25.1.1 or later.

The Hacktron AI team reported that roughly 11,000 BeyondTrust Remote Support instances are exposed online across cloud and on-prem environments. Around 8,500 of these are on-prem systems and could remain vulnerable if not patched. The affected deployments are mainly used by large organizations, including enterprises in the healthcare, financial services, government, and hospitality sectors.

“At this time, we are withholding technical details to allow affected parties sufficient time to apply patches. We strongly recommend addressing this vulnerability promptly, as exploitation is straightforward,” wrote Hacktron.

Pierluigi Paganini (SecurityAffairs hacking, RCE)
Published: 2026-02-09T19:52:26
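
A version triage for self-hosted inventories, built from the affected and fixed ranges listed in the article. This is an added example, not BeyondTrust or Hacktron code; the inventory layout, the host names and the patch_applied field are assumptions.

```python
# Added example: triage self-hosted hosts against the advisory's version ranges.
# Inventory layout, host names and the patch_applied field are assumptions.
AFFECTED_MAX = {"RS": (25, 3, 1), "PRA": (24, 3, 4)}  # "... and prior"
FIXED_MIN = {"RS": (25, 3, 2), "PRA": (25, 1, 1)}     # "... and later"
PATCH_ID = {"RS": "BT26-02-RS", "PRA": "BT26-02-PRA"}


def parse_version(text):
    """'25.3.1' -> (25, 3, 1); numeric tuples keep 25.10.0 above 25.3.1."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad '25.3' to (25, 3, 0)


def classify(product, version, patch_applied=False):
    """Return 'fixed', 'patched', 'vulnerable' or 'unlisted' for one host."""
    v = parse_version(version)
    if v >= FIXED_MIN[product]:
        return "fixed"
    if v <= AFFECTED_MAX[product]:
        # An affected release counts as remediated only with the BT26-02 patch.
        return "patched" if patch_applied else "vulnerable"
    return "unlisted"  # between the two ranges: the article does not say


def triage(inventory):
    """Map host -> action for every host not confirmed fixed or patched."""
    todo = {}
    for row in inventory:
        product = row["product"]
        status = classify(product, row["version"], row.get("patch_applied", False))
        if status == "vulnerable":
            fixed = ".".join(map(str, FIXED_MIN[product]))
            todo[row["host"]] = f"vulnerable: apply {PATCH_ID[product]} or upgrade to {fixed}+"
        elif status == "unlisted":
            todo[row["host"]] = "unlisted: confirm against the vendor advisory"
    return todo


# Constructed sample inventory (not real hosts).
SAMPLE = [
    {"host": "rs-a.example.internal", "product": "RS", "version": "25.3.1"},
    {"host": "rs-b.example.internal", "product": "RS", "version": "25.10.0"},
    {"host": "rs-c.example.internal", "product": "RS", "version": "24.2.3", "patch_applied": True},
    {"host": "pra-a.example.internal", "product": "PRA", "version": "24.3.4"},
    {"host": "pra-b.example.internal", "product": "PRA", "version": "25.1.0"},
]
```

Versions that fall between the affected and fixed ranges are reported as unlisted rather than guessed at, since the article gives no status for them.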