securityonline.info 2/9/2026, 2:26:06 AM · via preferred

CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE

CyberSIXT Evidence Panel
CISA KEV: Listed in KEV
Patch: Available

CVE-2026-1731 is described as a critical pre-authentication remote code execution flaw (CVSS 9.9) that could allow attackers to take control of affected systems without any login. BeyondTrust says the vulnerability affects BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), turning a security gatekeeper into a potential entry point for intruders.

According to BeyondTrust, the issue can be triggered by specially crafted client requests, enabling the attacker to execute OS commands with the privileges of the site user. SaaS customers have already been patched, with BeyondTrust applying updates to all cloud instances on 2 February 2026; on‑premises appliances require a manual upgrade to mitigate the risk.

Specifically, Remote Support versions 25.3.1 and earlier are vulnerable and should upgrade to 25.3.2 or later, while PRA versions 24.3.4 and earlier should upgrade to 25.1.1 or later; customers on older RS (pre-21.3) or PRA (pre-22.1) versions will need a broader upgrade to apply the patch.
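The version thresholds above, applied as a triage check over an on-premises appliance inventory. This is an added example, not BeyondTrust tooling and not code from the article; the inventory rows, hostnames and status labels are constructed, and versions that fall between the last listed vulnerable release and the fixed release are reported as unlisted because the article does not classify them.

```python
# Thresholds are the ones quoted in the article; labels and inventory are constructed.
RULES = {
    # product: (last vulnerable, first fixed, oldest release that takes the patch directly)
    "RS":  ((25, 3, 1), (25, 3, 2), (21, 3, 0)),
    "PRA": ((24, 3, 4), (25, 1, 1), (22, 1, 0)),
}

def parse_version(text):
    """Turn '25.3.1' or '25.3' into a 3-tuple of ints; reject anything else."""
    parts = text.strip().split(".")
    if len(parts) not in (2, 3) or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(product, version):
    """Classify one on-premises appliance by product ('RS' or 'PRA') and version."""
    last_vuln, first_fixed, patch_floor = RULES[product.upper()]
    v = parse_version(version)
    if v >= first_fixed:
        return "fixed"
    if v < patch_floor:
        return "vulnerable: broader upgrade needed before patching"
    if v <= last_vuln:
        return f"vulnerable: upgrade to {'.'.join(map(str, first_fixed))} or later"
    # Newer than the last listed vulnerable release but older than the fix:
    # the article does not classify these, so flag them for manual review.
    return "unlisted: confirm with vendor advisory"

def triage_inventory(rows):
    """rows: iterable of (host, product, version). Returns rows needing action."""
    out = []
    for host, product, version in rows:
        status = triage(product, version)
        if status != "fixed":
            out.append((host, product, version, status))
    return out

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("rs-01.example.internal", "RS", "25.3.1"),
    ("rs-02.example.internal", "RS", "25.3.2"),
    ("rs-old.example.internal", "RS", "21.2.4"),
    ("pra-01.example.internal", "PRA", "24.3.4"),
    ("pra-02.example.internal", "PRA", "25.1.0"),
]

if __name__ == "__main__":
    for row in triage_inventory(SAMPLE):
        print(*row, sep="\t")
```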


Article by CyberSIXT
