- BeyondTrust warns of critical RCE flaw CVE-2026-1731 in RS and PRA
- Vulnerability allows unauthenticated OS command execution, risking compromise and data exfiltration
- Patch released February 2, 2026; ~11,000 instances exposed, mostly on-prem deployments
American cybersecurity company BeyondTrust warned its customers that its Remote Support (RS) product, as well as certain older versions of Privileged Remote Access (PRA), are vulnerable to a remote code execution flaw that allows threat actors to run OS commands in the context of the site user.
In a security advisory published on the company’s page earlier this week, BeyondTrust said that the bug, stemming from an OS command injection weakness, is tracked as CVE-2026-1731, and was given a severity score of 9.9/10 (critical).
It affects Remote Support 25.3.1 or earlier, and Privileged Remote Access 24.3.4, or earlier.
Patching the flaw
“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust warned, adding that a patch was applied to all customers as of February 2, 2026.
Those running self-hosted programs should apply the patch manually, in case their instances are not subscribed to automatic updates. BeyondTrust added that those on a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 will need to upgrade to a newer version, and self-hosted customers of PRA may also upgrade to 25.1.1 or later.
BeyondTrust is a major identity security service provider, with more than 20,000 customers in more than 100 countries around the world.
Harsh Jaiswal and the Hacktron AI team, who were credited with finding the flaw, said that approximately 11,000 instances are exposed to the internet, including both cloud and on-prem deployments. "About ~8,500 of those are on-prem deployments which remain potentially vulnerable if patches aren’t applied," Hacktron said.
Commenting on the findings, BeyondTrust told BleepingComputer that it found no evidence that the flaw was abused in the wild.
Via BleepingComputer
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
