Full Report
BeyondTrust warned customers to patch a critical security flaw in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow unauthenticated attackers to execute arbitrary code remotely. [...]
Analysis Summary
# Vulnerability: Critical Pre-Authentication RCE in BeyondTrust RS/PRA via OS Command Injection
## CVE Details
- CVE ID: CVE-2026-1731
- CVSS Score: Not explicitly stated in the text, but described as **critical** RCE.
- CWE: OS command injection weakness
## Affected Systems
- Products: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
- Versions:
  - Remote Support (RS): 25.3.1 or earlier
  - Privileged Remote Access (PRA): 24.3.4 or earlier
- Configurations: On-premises deployments are explicitly called out as needing manual patching.
## Vulnerability Description
This vulnerability is a pre-authentication Remote Code Execution (RCE) flaw stemming from an OS Command Injection weakness. Unauthenticated attackers can exploit this by sending **maliciously crafted client requests**. Successful exploitation allows the attacker to execute arbitrary operating system commands within the context of the site user, potentially leading to system compromise, unauthorized access, data exfiltration, and service disruption.
## Exploitation
- Status: Not explicitly stated as exploited in the wild, but the vendor issued a critical warning.
- Complexity: **Low-complexity** attacks.
- Attack Vector: **Network** (Remote)
- Requirements: **Unauthenticated** and requires **no user interaction**.
## Impact
- Confidentiality: **High** (Potential for unauthorized access and data exfiltration)
- Integrity: **High** (Potential for system compromise)
- Availability: **High** (Potential for service disruption)
## Remediation
### Patches
- Remote Support (RS): Upgrade to version **25.3.2 or later**.
- Privileged Remote Access (PRA): Upgrade to version **25.1.1 or later**.
### Workarounds
- Customers who have not enabled automatic updates for on-premises software should apply the patches manually as described above. (No specific temporary workarounds were detailed in the text.)
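
The version bounds above can be applied to an appliance inventory to decide what needs patching. The following is an added example, not code from the vendor advisory or the source article. The inventory format, hostnames and the `verify` status are assumptions: `verify` marks versions this page does not classify (PRA releases between 24.3.4 and 25.1.1) and entries that cannot be parsed, which should be checked against the vendor advisory.

```python
# Added example: triage an inventory against the version bounds listed on this page.
import re

# Bounds taken from the page: (last affected version, first fixed version).
BOUNDS = {
    "RS": ((25, 3, 1), (25, 3, 2)),
    "PRA": ((24, 3, 4), (25, 1, 1)),
}

def parse_version(text):
    """Parse 'N.N.N' (optionally followed by a suffix) into a tuple of ints."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, version):
    """Return 'affected', 'fixed', or 'verify' for one appliance."""
    try:
        last_affected, first_fixed = BOUNDS[product.upper()]
        v = parse_version(version)
    except (KeyError, ValueError):
        return "verify"  # unknown product or unparseable version: check by hand
    if v <= last_affected:
        return "affected"
    if v >= first_fixed:
        return "fixed"
    # The page does not classify releases that fall between the two bounds.
    return "verify"

def triage_inventory(rows):
    """rows: iterable of (host, product, version). Returns {host: status}."""
    return {host: triage(product, version) for host, product, version in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = [
    ("rs-01.example.internal", "RS", "25.3.1"),
    ("rs-02.example.internal", "RS", "25.3.2"),
    ("pra-01.example.internal", "PRA", "24.3.4"),
    ("pra-02.example.internal", "PRA", "24.3.5"),
    ("pra-03.example.internal", "PRA", "25.1.1"),
    ("rs-03.example.internal", "RS", "unknown"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE).items():
        print(f"{host}: {status}")
```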
## Detection
- The summary text provides no detection details and focuses primarily on remediation. General detection should focus on monitoring network traffic for suspicious, non-standard client requests targeting the RS/PRA component.
## References
- Vendor Advisory: [beyondtrust.com/trust-center/security-advisories/bt26-02]
- General Mention: [bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-rce-flaw-in-remote-support-software/]