BeyondTrust has rolled out patches for a critical remote code execution (RCE) vulnerability in Remote Support (RS) and Privileged Remote Access (PRA) that could be exploited remotely without authentication. The flaw is tracked as CVE-2026-1731 and carries a CVSS score of 9.9. Specially crafted requests allow operating system commands to be run in the context of the site user. It affects RS versions 25.3.1 and prior and PRA versions 24.3.4 and prior, and was addressed in RS version 25.3.2 and PRA version 25.1.1.
Hacktron AI estimates that roughly 8,500 on-premises RS deployments exposed to the internet are likely affected. BeyondTrust notes that its RS product is widely used by large enterprises in sectors such as healthcare, financial services, government and hospitality, which amplifies the potential blast radius. While there have been no reports of CVE-2026-1731 being exploited in the wild, Rapid7 has flagged that state-sponsored threat actors have previously targeted BeyondTrust products.
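
As an added example (not code from BeyondTrust or from this article), the version ranges given above can be turned into a triage pass over an asset inventory. The product keys, status labels, hostnames and inventory format are assumptions; PRA releases that fall between 24.3.4 and 25.1.1 are marked VERIFY because the article does not state their status.

```python
import re

# Version bounds as stated in the article for CVE-2026-1731.
BOUNDS = {
    "RS":  {"last_affected": (25, 3, 1), "fixed": (25, 3, 2)},
    "PRA": {"last_affected": (24, 3, 4), "fixed": (25, 1, 1)},
}

def parse_version(text):
    """Return the leading dotted-numeric version as a 3-tuple, or None."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def triage(product, version_text):
    """Classify one deployment as AFFECTED, FIXED or VERIFY."""
    bounds = BOUNDS.get(product.upper())
    version = parse_version(version_text)
    if bounds is None or version is None:
        return "VERIFY"  # unknown product or unparseable version string
    if version <= bounds["last_affected"]:
        return "AFFECTED"
    if version >= bounds["fixed"]:
        return "FIXED"
    # Between the last listed affected release and the fixed release (PRA only):
    # the article does not cover this range, so confirm against the vendor advisory.
    return "VERIFY"

def triage_inventory(rows):
    """rows: iterable of (host, product, version). Returns {status: [hosts]}."""
    report = {"AFFECTED": [], "FIXED": [], "VERIFY": []}
    for host, product, version in rows:
        report[triage(product, version)].append(host)
    return report

# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE = [
    ("support-01.example.internal", "RS", "25.3.1"),
    ("support-02.example.internal", "RS", "25.3.2"),
    ("pra-01.example.internal", "PRA", "24.3.4"),
    ("pra-02.example.internal", "PRA", "25.1.0"),
    ("pra-03.example.internal", "PRA", "25.1.1"),
    ("legacy.example.internal", "RS", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in triage_inventory(SAMPLE).items():
        print(status, hosts)
```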