BeyondTrust 0-Day Flaw Allows Remote Code Execution

BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) platforms, potentially exposing thousands of organizations to system compromise.

The flaw, tracked as CVE-2026-1731 and classified under CWE-78 (OS Command Injection), enables attackers to execute arbitrary operating system commands without requiring authentication or user interaction.

The security flaw allows unauthenticated remote attackers to send specially crafted requests to vulnerable BeyondTrust systems, triggering command execution in the context of the site user.

This represents a severe threat as it requires no prior access credentials or social engineering tactics, making it an attractive target for malicious actors seeking to compromise enterprise remote access infrastructure.

Successful exploitation could lead to complete system compromise, enabling attackers to gain unauthorized access to sensitive data, exfiltrate confidential information, disrupt critical services, and potentially pivot to other systems within the network.

Given that BeyondTrust products are commonly used for privileged access management and remote support across enterprise environments, the vulnerability’s impact extends beyond individual systems to entire organizational infrastructures.

Remote Support versions 25.3.1 and earlier are vulnerable to this exploit. For Privileged Remote Access, versions 24.3.4 and prior contain the security flaw. Organizations running these versions should take immediate action to protect their systems.

Immediate Action Required

BeyondTrust has responded swiftly to the threat. All Remote Support SaaS and Privileged Remote Access SaaS customers received automatic patches on February 2, 2026, fully remediating the vulnerability.

However, self-hosted customers must take manual action. Organizations using self-hosted deployments should immediately apply patch BT26-02-RS for Remote Support or patch BT26-02-PRA for Privileged Remote Access through their /appliance interface, provided automatic updates are not enabled.

Customers running Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must first upgrade to a supported version before applying the security patch.

Alternatively, self-hosted PRA customers can upgrade directly to version 25.1.1 or later, which includes the fix. Remote Support customers should upgrade to version 25.3.2 or later for complete protection.

The vulnerability was discovered by Harsh Jaiswal and the Hacktron AI team, who employed AI-enabled variant analysis techniques to identify the flaw.

BeyondTrust commended their responsible disclosure process, which enabled the company to investigate, develop patches, and notify customers before public exploitation could occur.

Organizations using affected BeyondTrust products should prioritize patching immediately to prevent potential exploitation of this critical vulnerability.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.