**BeyondTrust Warns of Critical RCE Flaw in Remote Support Software**
A severe security flaw has been discovered in BeyondTrust's Remote Support (RS) and Privileged Remote Access (PRA) software, allowing unauthenticated attackers to execute arbitrary code remotely. The vulnerability, tracked as CVE-2026-1731, stems from an OS command injection weakness that can be exploited through maliciously crafted client requests.
**Vulnerability Details**
The flaw affects BeyondTrust Remote Support 25.3.1 or earlier and Privileged Remote Access 24.3.4 or earlier. Threat actors with no privileges can exploit it in low-complexity attacks that don't require user interaction. "Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user," BeyondTrust noted.
**Impact**
The vulnerability poses a significant threat, as successful exploitation may lead to:
* System compromise
* Unauthorized access
* Data exfiltration
* Service disruption
**Patch Availability and Timeline**
BeyondTrust secured all RS/PRA cloud systems by February 2, 2026. The company advises on-premises customers who do not have automatic updates enabled to patch their systems manually by upgrading to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later.
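As an added example (not code from BeyondTrust or from this article), the following Python sketch triages an asset inventory using only the version boundaries stated above. The inventory format, the hostnames and the `verify` bucket for versions the article does not classify are assumptions.

```python
import re

# Version boundaries exactly as stated in the article.
BOUNDS = {
    "RS": {"affected_max": (25, 3, 1), "fixed_min": (25, 3, 2)},
    "PRA": {"affected_max": (24, 3, 4), "fixed_min": (25, 1, 1)},
}

def parse_version(text):
    """Parse 'major.minor.patch' into an int tuple; raise ValueError otherwise."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def triage(product, version, hosting):
    """Classify one entry as 'patched', 'affected' or 'verify'."""
    bounds = BOUNDS.get(product)
    if bounds is None:
        return "verify"  # product not covered by the article
    if hosting == "cloud":
        return "patched"  # article: vendor secured cloud systems by Feb 2, 2026
    try:
        v = parse_version(version)
    except ValueError:
        return "verify"  # unparseable version string: check by hand
    if v >= bounds["fixed_min"]:
        return "patched"
    if v <= bounds["affected_max"]:
        return "affected"
    return "verify"  # between the stated bounds: the article does not classify it

def report(inventory):
    """Return (status, host, product, version) rows, affected hosts first."""
    order = {"affected": 0, "verify": 1, "patched": 2}
    rows = [(triage(e["product"], e["version"], e["hosting"]),
             e["host"], e["product"], e["version"]) for e in inventory]
    return sorted(rows, key=lambda r: (order[r[0]], r[1]))

# Constructed sample inventory (hostnames and format are assumptions).
SAMPLE = [
    {"host": "rs-01.example.internal", "product": "RS", "version": "25.3.1", "hosting": "onprem"},
    {"host": "rs-02.example.internal", "product": "RS", "version": "25.3.2", "hosting": "onprem"},
    {"host": "pra-01.example.internal", "product": "PRA", "version": "24.3.5", "hosting": "onprem"},
    {"host": "pra-02.example.internal", "product": "PRA", "version": "24.3.4", "hosting": "cloud"},
]

if __name__ == "__main__":
    for row in report(SAMPLE):
        print(*row, sep="\t")
```

Entries reported as `verify` fall outside both stated ranges or could not be parsed, so they should be checked against the vendor advisory rather than assumed safe.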
**Exposed Instances**
The Hacktron team warned that approximately 11,000 instances are exposed to the internet, including both cloud and on-prem deployments. About 8,500 of those are on-prem deployments, which remain potentially vulnerable if patches aren’t applied.
**Previous BeyondTrust Flaws Exploited in the Wild**
While there is no known active exploitation of CVE-2026-1731 at this time, threat actors have exploited other BeyondTrust RS/PRA security flaws in recent years. In June 2025, BeyondTrust fixed a high-severity RS/PRA Server-Side Template Injection vulnerability that also allowed unauthenticated attackers to gain remote code execution.
**BeyondTrust's Security Footprint**
As one of the leading identity security service providers, BeyondTrust offers its services to over 20,000 customers across more than 100 countries, including 75% of Fortune 100 companies worldwide. The company's Remote Support is an enterprise-grade remote support solution that helps IT support teams troubleshoot issues remotely, while Privileged Remote Access serves as a secure gateway that enforces authorization rules for specific systems and resources.