BeyondTrust has released updates to address a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaw, CVE-2026-1731, could allow an unauthenticated attacker to run operating system commands in the context of the site user, potentially leading to unauthorized access, data exfiltration and service disruption, according to BeyondTrust’s advisory.
The vulnerability affects RS versions 25.3.1 and prior and PRA versions 24.3.4 and prior. It has been patched as BT26-02-RS for RS (25.3.2 and later) and as BT26-02-PRA for PRA (25.1.1 and later). Self-hosted customers not on automatic updates are urged to apply the patches. Older deployments (RS older than 21.3 or PRA older than 22.1) must upgrade to a newer version in order to apply the fix.
Security researchers, including Harsh Jaiswal, noted the flaw was discovered on 31 January 2026 via AI-enabled variant analysis, with about 11,000 internet-exposed instances identified and roughly 8,500 on-prem deployments potentially still vulnerable. The disclosure emphasises that urgent updates are essential given past exploitation of BeyondTrust vulnerabilities.
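The version thresholds above can be turned into an inventory triage, shown here as an added example that is not BeyondTrust's or the article's own code. The host names and the `host,product,version` inventory format are constructed, and versions that fall between the stated affected and fixed ranges are flagged for manual verification because the article does not classify them.

```python
# Added example: triage BeyondTrust versions against the CVE-2026-1731 thresholds quoted above.
RULES = {
    # product: (last affected, first fixed, patch name, oldest version the patch applies to)
    "RS": ("25.3.1", "25.3.2", "BT26-02-RS", "21.3"),
    "PRA": ("24.3.4", "25.1.1", "BT26-02-PRA", "22.1"),
}

def parse(version):
    """'21.3' -> (21, 3, 0), so two- and three-part versions compare correctly."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, version):
    """Return the action for one deployment, following the article's version ranges."""
    last_affected, fixed, patch, min_patchable = RULES[product.strip().upper()]
    v = parse(version)
    if v >= parse(fixed):
        return "fixed"
    if v < parse(min_patchable):
        return "upgrade-then-patch"   # too old to take the patch directly
    if v <= parse(last_affected):
        return "apply " + patch
    return "unlisted-verify"          # not covered by either stated range (assumption)

def triage_inventory(text):
    """Parse 'host,product,version' lines and return (host, action) pairs."""
    rows = []
    for line in text.strip().splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        host, product, version = [f.strip() for f in line.split(",")]
        rows.append((host, triage(product, version)))
    return rows

# Constructed sample inventory (hypothetical hosts, not real deployments).
SAMPLE = """
# host,product,version
rs-old.example.internal,RS,21.2.4
rs-prod.example.internal,RS,25.3.1
rs-new.example.internal,RS,25.3.2
pra-old.example.internal,PRA,22.0.1
pra-prod.example.internal,PRA,24.3.4
pra-gap.example.internal,PRA,25.1.0
"""

if __name__ == "__main__":
    for host, action in triage_inventory(SAMPLE):
        print(f"{host:28} {action}")
```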