Tech News
← Back to articles

BeyondTrust warns of critical RCE flaw in remote support software

2026-02-09 | original
read original related products more articles

BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely.

Tracked as CVE-2026-1731, this pre-authentication remote code execution vulnerability stems from an OS command injection weakness discovered by Harsh Jaiswal and the Hacktron AI team, and it affects BeyondTrust Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier.

Threat actors with no privileges can exploit it through maliciously crafted client requests in low-complexity attacks that don't require user interaction.

"Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user," BeyondTrust noted. "Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption."

BeyondTrust has secured all RS/PRA cloud systems by February 2, 2026, and has advised all on-premises customers to patch their systems manually by upgrading to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later, if they haven't enabled automatic updates.

"Approximately 11,000 instances are exposed to the internet including both cloud and on-prem deployments," the Hacktron team warned in a Friday report. "About ~8,500 of those are on-prem deployments which remain potentially vulnerable if patches aren’t applied."

In June 2025, BeyondTrust fixed a high-severity RS/PRA Server-Side Template Injection vulnerability that could also allow unauthenticated attackers to gain remote code execution.

Previous BeyondTrust flaws targeted as zero-days

While the company has yet to say whether attackers have exploited the recently patched CVE-2026-1731 vulnerability in the wild, other BeyondTrust RS/PRA security flaws have been targeted in recent years.

For instance, two years ago, attackers used a stolen API key to compromise 17 Remote Support SaaS instances after breaching BeyondTrust's systems using two RS/PRA zero-day bugs (CVE-2024-12356 and CVE-2024-12686).

... continue reading

Related:
While Your Competitors Drag Employees Back to the Office, You Can Poach Their Best Talent By Doing This Simple Thing
Steam now lets developers display the exact date of when their game leaves Early Access
AI didn’t kill customer support. It’s rebuilding it
I write games in C (yes, C) (2016)
The Smartest Way to Prepare for Growth Is Through Language

© 2026 GoKawiil