Home Cyber Security BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution
BeyondTrust Remote Access Products 0-Day Vulnerability
BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) platforms, potentially exposing thousands of organizations to system compromise.
The flaw, tracked as CVE-2026-1731 and classified under CWE-78 (OS Command Injection), enables attackers to execute arbitrary operating system commands without requiring authentication or user interaction.
The security flaw allows unauthenticated remote attackers to send specially crafted requests to vulnerable BeyondTrust systems, triggering command execution in the context of the site user.
This represents a severe threat as it requires no prior access credentials or social engineering tactics, making it an attractive target for malicious actors seeking to compromise enterprise remote access infrastructure.
Successful exploitation could lead to complete system compromise, enabling attackers to gain unauthorized access to sensitive data, exfiltrate confidential information, disrupt critical services, and potentially pivot to other systems within the network.
Given that BeyondTrust products are commonly used for privileged access management and remote support across enterprise environments, the vulnerability’s impact extends beyond individual systems to entire organizational infrastructures.
Remote Support versions 25.3.1 and earlier are vulnerable to this exploit. For Privileged Remote Access, versions 24.3.4 and prior contain the security flaw. Organizations running these versions should take immediate action to protect their systems.
Immediate Action Required
BeyondTrust has responded swiftly to the threat. All Remote Support SaaS and Privileged Remote Access SaaS customers received automatic patches on February 2, 2026, fully remediating the vulnerability.
However, self-hosted customers must take manual action. Organizations using self-hosted deployments should immediately apply patch BT26-02-RS for Remote Support or patch BT26-02-PRA for Privileged Remote Access through their /appliance interface, provided automatic updates are not enabled.
Customers running Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must first upgrade to a supported version before applying the security patch. Remote Support customers should upgrade to version 25.3.2 or later for complete protection.
The vulnerability was discovered by Harsh Jaiswal and the Hacktron AI team, who employed AI-enabled variant analysis techniques to identify the flaw.
BeyondTrust commended their responsible disclosure process, which enabled the company to investigate, develop patches, and notify customers before public exploitation could occur.
Organizations using affected BeyondTrust products should prioritize patching immediately to prevent potential exploitation of this critical vulnerability.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
RELATED ARTICLESMORE FROM AUTHOR
Cyber Attack News
Microsoft Teams Support Call Leads to Quick Assist Compromise in New Vishing Attack
Cyber Security News
Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance
Cyber Security News
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
Top 10
Essential E-Signature Solutions for Cybersecurity in 2026
January 31, 2026
Top 10 Best Data Removal Services In 2026
January 29, 2026
Best VPN Services of 2026: Fast, Secure & Affordable
January 26, 2026
Top 10 Best Data Security Companies in 2026
January 23, 2026
Top 15 Best Ethical Hacking Tools – 2026
January 15, 2026