BeyondTrust Patches Critical RCE Flaw

BeyondTrust Remote Support and Privileged Remote Access products face risks from CVE-2026-1731, a severe flaw allowing unauthenticated remote attackers to inject OS commands. The BeyondTrust pre-auth RCE vulnerability threatens on-premises privileged access solutions used in enterprise environments for secure remote support. Potential consequences include unauthorized system access, data breaches compromising confidentiality, and disruptions to service availability.

Vulnerability Details

CVE-2026-1731 stems from improper neutralization of special elements in OS commands, enabling execution in the site user context via crafted requests. Discovered January 31, 2026, by AI-assisted analysis from Hacktron researchers, it impacts internet-exposed instances.

Affected Versions

The flaw affects specific releases of BeyondTrust products deployed in self-hosted setups.

Versions below RS 21.3 or PRA 22.1 require full upgrades for patching.

Exposure Scope

Researchers identified roughly 11,000 internet-facing instances, with about 8,500 on-premises potentially vulnerable absent updates. Cloud-hosted customers received automatic fixes on February 2, 2026. Self-hosted users must apply patches manually via BeyondTrust advisories.

Remediation Guidance

BeyondTrust urges immediate patching for all eligible versions. SaaS deployments stand protected automatically. Prior history of exploited flaws in these tools heightens urgency for timely updates to maintain access control integrity.

The BeyondTrust pre-auth RCE poses substantial risks to privileged session security, enabling broad operational impacts if exploited. Vendor patches BT26-02-RS and BT26-02-PRA, along with version upgrades, fully resolve the issue per the February 6 advisory.