Full Report
BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company
Analysis Summary
# Vulnerability: Critical Pre-Authentication Remote Code Execution in BeyondTrust RS and PRA
## CVE Details
- CVE ID: CVE-2026-1731
- CVSS Score: 9.9 (Critical)
- CWE: OS Command Injection (CWE-78)
## Affected Systems
- Products: BeyondTrust Remote Support (RS), BeyondTrust Privileged Remote Access (PRA)
- Versions:
  - Remote Support (RS): 25.3.1 and prior
  - Privileged Remote Access (PRA): 24.3.4 and prior
- Configurations: Affects both cloud and self-hosted deployments. Customers running RS older than 21.3 or PRA older than 22.1 must upgrade to a newer base version before applying the specific security patches.
## Vulnerability Description
A critical pre-authentication remote code execution (RCE) vulnerability exists in BeyondTrust Remote Support and certain older versions of Privileged Remote Access. By sending specially crafted network requests, an unauthenticated remote attacker can exploit this flaw, which stems from an Operating System Command Injection weakness (CWE-78), to execute arbitrary operating system commands with the privileges of the site user.
## Exploitation
- Status: Exploitation details have been withheld. The vulnerability was discovered on January 31, 2026, and approximately 11,000 instances were found exposed to the internet.
- Complexity: Low (implied by "unauthenticated remote attacker" and RCE)
- Attack Vector: Network
## Impact
- Confidentiality: Potential unauthorized access and data exfiltration.
- Integrity: Potential modification or execution of unauthorized commands.
- Availability: Potential service disruption.
## Remediation
### Patches
- **Remote Support (RS):** Apply Patch BT26-02-RS, version 25.3.2 or later.
- **Privileged Remote Access (PRA):** Apply Patch BT26-02-PRA, version 25.1.1 or later.
- *Note for older versions:* Customers running RS < 21.3 or PRA < 22.1 must upgrade to a newer base version first (e.g., PRA users can upgrade to 25.1.1 or newer).
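
One way to apply the version rules above to an appliance inventory, added here as an example and not taken from BeyondTrust or the original report. The thresholds come from this summary; the host names, sample versions and status strings are constructed, and versions above the listed affected range are reported only as "not listed as affected".

```python
# product: (highest version listed as affected,
#           oldest base version that can take the patch directly, patch name)
RULES = {
    "RS": ((25, 3, 1), (21, 3), "BT26-02-RS"),
    "PRA": ((24, 3, 4), (22, 1), "BT26-02-PRA"),
}

def parse_version(text):
    """'25.3.1' -> (25, 3, 1). Trailing zeros are dropped so 21.3.0 == 21.3."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    while len(nums) > 1 and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def triage(product, version):
    """Classify one appliance; KeyError for products this summary does not cover."""
    last_affected, min_base, patch = RULES[product.strip().upper()]
    v = parse_version(version)
    if v > last_affected:
        return "not-listed-as-affected"
    if v < min_base:
        return "upgrade-base-then-" + patch  # too old to patch in place
    return "apply-" + patch

def triage_inventory(rows):
    """rows: (host, product, version) tuples -> {status: [hosts]}."""
    result = {}
    for host, product, version in rows:
        try:
            status = triage(product, version)
        except (KeyError, ValueError):
            status = "needs-manual-review"  # never silently treat as safe
        result.setdefault(status, []).append(host)
    return result

# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("rs-01.example.internal", "RS", "25.3.1"),
    ("rs-02.example.internal", "RS", "20.1.4"),
    ("pra-01.example.internal", "PRA", "24.3.4"),
    ("pra-02.example.internal", "PRA", "25.1.1"),
    ("rs-03.example.internal", "rs", "25.3.x"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage_inventory(SAMPLE).items()):
        print(f"{status}: {', '.join(hosts)}")
```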
### Workarounds
- For self-hosted customers who cannot immediately apply the patch, ensure all applicable base version upgrade requirements are met, as applying the security patch alone may not be sufficient for very old installations.
## Detection
- Indicators of compromise are currently undisclosed to aid in patching efforts.
- Detection should focus on monitoring network traffic to the affected RS/PRA applications for unrecognized, suspicious, or specially crafted input sent to pre-authentication endpoints.
## References
- Vendor Advisory: hxxps://www.beyondtrust.com/trust-center/security-advisories/bt26-02
- Researcher Disclosure: hxxps://www.hacktron.ai/blog/cve-2026-1731-beyondtrust-remote-support-rce