BeyondTrust has issued a critical security alert for its popular remote access solutions, warning of a near-maximum severity vulnerability that could allow hackers to seize control of systems without ever logging in. The flaw, tracked as CVE-2026-1731, carries a CVSSv4 score of 9.9, signaling an immediate “patch now” priority for organizations managing self-hosted instances.
The vulnerability affects BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), tools designed to help IT teams securely manage infrastructure. Ironically, this flaw turns that security gatekeeper into a potential open door.
The core of the issue is a “pre-authentication remote code execution” vulnerability. In plain English, this means an attacker does not need a username, a password, or any prior access to the system to launch an attack. They simply need to send a specific type of network request to the target server.
The advisory explains the mechanism clearly: “Beyond Trust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests”.
Once the request is received, the attacker can execute operating system commands with the privileges of the “site user.” Because these tools are often integrated deeply into corporate networks, the potential fallout is massive.
“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” the report warns.
For customers using BeyondTrust’s cloud-based (SaaS) versions, the crisis has already been averted. The company automatically applied patches to all SaaS instances on February 2, 2026.
However, organizations running self-hosted (on-premises) appliances are at risk and must manually apply the update.
- Remote Support (RS): Versions 25.3.1 and prior are vulnerable. Admins must upgrade to 25.3.2 or later.
- Privileged Remote Access (PRA): Versions 24.3.4 and prior are vulnerable. Admins must upgrade to 25.1.1 or later.
For teams running significantly older versions of the software, the path to safety is slightly longer. The advisory notes that customers on Remote Support versions older than 21.3 or PRA versions older than 22.1 cannot simply apply the patch; they “will need to upgrade to a newer version to apply this patch”.
With a CVSS score of 9.9, this vulnerability represents a best-case scenario for attackers and a worst-case scenario for defenders. IT administrators are urged to check their appliance interfaces immediately and ensure Patch BT26-02-RS or Patch BT26-02-PRA is applied.
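As an added illustration, not BeyondTrust's own tooling, the following script turns the version bounds quoted above into a triage check an administrator can run over an appliance inventory. It encodes only the boundaries the advisory text gives (RS 25.3.1 and prior vulnerable, fixed in 25.3.2; PRA 24.3.4 and prior vulnerable, fixed in 25.1.1; RS older than 21.3 or PRA older than 22.1 must upgrade before patching); function names, status labels and the sample hosts are constructed, and a version that falls between the last vulnerable and first fixed release is flagged for manual verification rather than guessed at.

```python
import re

# Version bounds come from the advisory text above (CVE-2026-1731); everything
# else here (names, labels, sample hosts) is constructed for illustration.
ADVISORY = {
    "RS":  {"last_vuln": (25, 3, 1), "fixed": (25, 3, 2),
            "min_patchable": (21, 3, 0), "patch": "BT26-02-RS"},
    "PRA": {"last_vuln": (24, 3, 4), "fixed": (25, 1, 1),
            "min_patchable": (22, 1, 0), "patch": "BT26-02-PRA"},
}

_VERSION_RE = re.compile(r"^\d+(\.\d+){0,2}$")

def parse_version(text):
    """Parse '25.3.1' into (25, 3, 1), zero-padded to three fields so tuples
    compare numerically ('25.10.0' sorts after '25.3.1', unlike a string compare)."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(product, version_text, deployment="self-hosted"):
    """Return 'fixed', 'apply-patch', 'upgrade-then-patch', or 'verify' for a
    version the advisory text does not explicitly place on either side."""
    if deployment == "saas":
        return "fixed"  # vendor patched all SaaS instances on 2026-02-02
    bounds = ADVISORY[product]
    v = parse_version(version_text)
    if v >= bounds["fixed"]:
        return "fixed"
    if v < bounds["min_patchable"]:
        return "upgrade-then-patch"  # too old to take the patch directly
    if v <= bounds["last_vuln"]:
        return "apply-patch"
    return "verify"

def triage(inventory):
    """Map each (host, product, version, deployment) record to the required
    action and the patch identifier to look for in the appliance interface."""
    report = {}
    for host, product, version, deployment in inventory:
        action = classify(product, version, deployment)
        needs_patch = action in ("apply-patch", "upgrade-then-patch")
        report[host] = (action, ADVISORY[product]["patch"] if needs_patch else None)
    return report

# Constructed sample inventory; these are not real hosts.
SAMPLE_INVENTORY = [
    ("rs-appliance-01", "RS", "25.3.1", "self-hosted"),
    ("rs-appliance-02", "RS", "25.3.2", "self-hosted"),
    ("rs-legacy-03", "RS", "21.2.0", "self-hosted"),
    ("pra-appliance-01", "PRA", "24.3.4", "self-hosted"),
    ("pra-appliance-02", "PRA", "25.1.0", "self-hosted"),
    ("pra-cloud-01", "PRA", "24.3.4", "saas"),
]

if __name__ == "__main__":
    for host, (action, patch) in triage(SAMPLE_INVENTORY).items():
        print(f"{host:18} {action:20} {patch or '-'}")
```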