- BeyondTrust warns of critical RCE flaw CVE-2026-1731 in RS and PRA
- Vulnerability allows unauthorized execution of OS commands, risks compromise and data exfiltration
- Patch released February 2, 2026; ~11,000 exposed instances, mostly on-prem deployments
American cybersecurity firm BeyondTrust warned its customers that its Remote Support (RS) product, as well as certain older versions of Privileged Remote Access (PRA), are vulnerable to a remote code execution flaw that allows threat actors to run OS commands in the context of the website user.
In a security advisory posted on the company’s site earlier this week, BeyondTrust said the flaw, which stems from an OS command injection weakness, is tracked as CVE-2026-1731 and was given a severity score of 9.9/10 (Critical).
It affects Remote Support 25.3.1 or earlier, and Privileged Remote Access 24.3.4 or earlier.
Fixing the flaw
“Successful exploitation requires no authentication or user interaction and can lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust warned, adding that a patch was applied to all customers starting February 2, 2026.
Those running self-hosted applications should apply the patch manually if their instances do not subscribe to automatic updates. BeyondTrust added that those with a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 must upgrade to a newer version, and self-hosted customers with PRA can also upgrade to 25.1.1 or newer.
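For teams tracking self-hosted deployments, the version guidance above can be turned into a quick inventory triage. This is an added example, not BeyondTrust's tooling: the inventory entries, hostnames and status labels are constructed, and the thresholds are only the version numbers quoted in this article.

```python
import re

# Thresholds are the figures quoted in the article (assumed complete for triage).
# product: (highest affected version, oldest version that can take the patch)
RULES = {
    "RS": ((25, 3, 1), (21, 3, 0)),
    "PRA": ((24, 3, 4), (22, 1, 0)),
}


def parse_version(text):
    """Turn '25.3.1' or '21.3' into a 3-part tuple; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,2}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def triage(product, version):
    """Classify one deployment against the CVE-2026-1731 version ranges."""
    rule = RULES.get(product.upper())
    parsed = parse_version(version)
    if rule is None or parsed is None:
        return "unknown"        # review by hand rather than assume it is safe
    highest_affected, patch_floor = rule
    if parsed > highest_affected:
        return "not-affected"
    if parsed < patch_floor:
        return "upgrade-first"  # too old: must move to a newer version
    return "apply-patch"        # affected; patch manually if not auto-updated


# Constructed inventory: hostnames and versions are made up for illustration.
INVENTORY = [
    ("support01.example.internal", "RS", "25.3.1"),
    ("support02.example.internal", "RS", "21.2.9"),
    ("pra01.example.internal", "PRA", "24.3.4"),
    ("pra02.example.internal", "PRA", "25.1.1"),
    ("lab-box.example.internal", "RS", "n/a"),
]


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(prod, ver) for host, prod, ver in inventory}


if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:32} {status}")
```

Anything reported as `unknown` should be checked by hand, since an unparsed version string says nothing about exposure.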
BeyondTrust is a major provider of identity security services with more than 20,000 customers in more than 100 countries around the world.
Harsh Jaiswal and the Hacktron AI team, who were credited with finding the flaw, said approximately 11,000 instances are exposed to the Internet, including both cloud and on-prem deployments. “About ~8,500 of these are on-prem deployments, which remain potentially vulnerable if patches are not applied,” Hacktron said.
Commenting on the findings, BeyondTrust told BleepingComputer that it found no evidence that the bug was exploited in the wild.
Via Bleeping Computer