BeyondTrust Patches Critical Pre-Auth RCE Flaw in Remote Support and PRA Products

BeyondTrust has released security updates to remediate a critical vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. If exploited, the flaw could allow unauthenticated attackers to achieve remote code execution on vulnerable systems.

In a security advisory published on February 6, 2026, BeyondTrust confirmed that Remote Support and certain legacy versions of Privileged Remote Access contain a pre-authentication operating system command injection vulnerability.

The company stated that an unauthenticated remote attacker could exploit the issue by sending specially crafted requests, enabling the execution of operating system commands with the privileges of the site user.

Vulnerability Details

The flaw has been assigned the identifier CVE-2026-1731 and carries a CVSS score of 9.9, reflecting its critical severity.

Successful exploitation could lead to a range of serious impacts, including unauthorized system access, sensitive data exfiltration, service disruption, and full system compromise.

Affected Versions

The vulnerability impacts the following product versions:

  • BeyondTrust Remote Support versions 25.3.1 and earlier
  • BeyondTrust Privileged Remote Access versions 24.3.4 and earlier

Fixed Versions

BeyondTrust has released patches and updated versions to address the issue:

  • Remote Support patched in BT26-02-RS, version 25.3.2 and later
  • Privileged Remote Access patched in BT26-02-PRA, version 25.1.1 and later

The company strongly recommends that customers verify their deployed versions and apply the relevant updates without delay.

Guidance for Self-Hosted Deployments

BeyondTrust emphasized that self-hosted customers must manually apply the patch if their environments are not configured for automatic updates.

Organizations running Remote Support versions earlier than 21.3 or Privileged Remote Access versions earlier than 22.1 must first upgrade to a supported release before applying the security fix. Self-hosted PRA users are advised to upgrade directly to version 25.1.1 or newer to fully remediate the vulnerability.
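The version thresholds above can be applied to an asset inventory, as in the following added example (not BeyondTrust code and not part of the advisory). The status labels, function names, and sample hosts are assumptions made for illustration; the version numbers come only from this article.

```python
import re

# Thresholds copied from the article. Patch ids: BT26-02-RS / BT26-02-PRA.
ADVISORY = {
    #       last affected  first fixed   oldest release the fix applies to
    "RS":  ((25, 3, 1),    (25, 3, 2),   (21, 3, 0)),
    "PRA": ((24, 3, 4),    (25, 1, 1),   (22, 1, 0)),
}

def parse_version(text):
    """Turn '25.3.1' or '21.3' into a 3-tuple of ints; reject anything else."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Classify one install using hypothetical status labels."""
    affected_max, fixed_min, patchable_min = ADVISORY[product.upper()]
    v = parse_version(version)
    if v >= fixed_min:
        return "fixed"
    if v > affected_max:
        # Gap between last affected and first fixed release: the article
        # does not state the status, so do not guess either way.
        return "not-stated"
    if v < patchable_min:
        return "upgrade-first"   # must reach a supported release first
    return "apply-patch"

def report(inventory):
    """Return (host, product, version, status) rows, most urgent first."""
    order = {"upgrade-first": 0, "apply-patch": 1, "not-stated": 2, "fixed": 3}
    rows = [(h, p, ver, triage(p, ver)) for h, p, ver in inventory]
    return sorted(rows, key=lambda r: order[r[3]])

# Constructed sample inventory: hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("rs-gw-01", "RS", "25.3.2"),
    ("rs-gw-02", "RS", "25.3.1"),
    ("rs-old-01", "RS", "21.2.9"),
    ("pra-01", "PRA", "24.3.4"),
    ("pra-02", "PRA", "25.1.0"),
]

if __name__ == "__main__":
    for row in report(SAMPLE_INVENTORY):
        print("{:<10} {:<4} {:<8} {}".format(*row))
```

The check uses the reported version string only, so an "apply-patch" result on a host where the BT26-02 patch may already be installed should be confirmed on the appliance itself.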

Exposure and Discovery

According to security researcher and Hacktron AI co-founder Harsh Jaiswal, the vulnerability was identified on January 31, 2026, using an AI-driven variant analysis technique. The research uncovered approximately 11,000 exposed instances accessible over the internet.

Researchers noted that nearly 8,500 of these instances are on-premises deployments, which remain vulnerable if patches are not promptly applied. Technical exploitation details have been intentionally withheld to reduce the risk of active abuse while organizations complete remediation efforts.

Security Implications

BeyondTrust products have previously been targeted in real-world exploitation campaigns, making timely patching critical. Organizations relying on Remote Support and Privileged Remote Access are urged to treat this vulnerability as high priority and ensure all systems are updated to the latest secure versions.


