BeyondTrust RCE flaw lets hackers run code without logging in
A 9.9/10 bug was found in multiple BeyondTrust products
- BeyondTrust warns of critical RCE flaw CVE-2026-1731 in RS and PRA
- Vulnerability allows unauthenticated OS command execution, risking compromise and data exfiltration
- Patch released February 2, 2026; ~11,000 instances exposed, mostly on-prem deployments
American cybersecurity company BeyondTrust warned its customers that its Remote Support (RS) product, as well as certain older versions of Privileged Remote Access (PRA), are vulnerable to a remote code execution flaw that allows threat actors to run OS commands in the context of the site user.
In a security advisory published on the company’s page earlier this week, BeyondTrust said that the bug, stemming from an OS command injection weakness, is tracked as CVE-2026-1731, and was given a severity score of 9.9/10 (critical).
It affects Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier.
Patching the flaw
“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust warned, adding that a patch was applied to all customers as of February 2, 2026.
Those running self-hosted deployments should apply the patch manually if their instances are not subscribed to automatic updates. BeyondTrust added that those on a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 will need to upgrade to a newer version, and self-hosted customers of PRA may also upgrade to 25.1.1 or later.
BeyondTrust is a major identity security service provider, with more than 20,000 customers in more than 100 countries around the world.
Harsh Jaiswal and the Hacktron AI team, who were credited with finding the flaw, said that approximately 11,000 instances are exposed to the internet, including both cloud and on-prem deployments. "About ~8,500 of those are on-prem deployments which remain potentially vulnerable if patches aren’t applied," Hacktron said.
Commenting on the findings, BeyondTrust told BleepingComputer that it found no evidence that the flaw was abused in the wild.
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.