BeyondTrust has rolled out patches for a critical-severity vulnerability in Remote Support (RS) and Privileged Remote Access (PRA) that could lead to unauthenticated remote code execution (RCE).
Tracked as CVE-2026-1731 (CVSS score of 9.9), the issue can be exploited via specially crafted requests to execute operating system commands as the site user.
“Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption,” BeyondTrust notes in its advisory.
The security defect impacts RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior, and was addressed in RS version 25.3.2 and PRA version 25.1.1.
Hacktron AI, which identified and reported the flaw, estimates that roughly 8,500 on-premises RS deployments accessible from the internet are likely affected by the bug.
BeyondTrust’s RS product, it notes, is mainly used across large enterprises and by organizations in the healthcare, financial services, government, and hospitality sectors.
“Given that BeyondTrust Remote Support and Privileged Remote Access are widely deployed in enterprise environments for remote access and privileged session management, the potential blast radius of this vulnerability is significant,” Hacktron AI says.
While there have been no reports of CVE-2026-1731 being exploited in the wild, Rapid7 points out that state-sponsored threat actors have targeted vulnerable BeyondTrust products in the past.
The China-linked APT Silk Typhoon is known to have exploited vulnerabilities such as CVE-2024-12356 and CVE-2024-12686, as well as zero-day flaws in attacks targeting US government entities.
“Given this history of targeted attacks against such a widely used platform, these tools remain a critical attack vector that demands immediate defensive action,” Rapid7 notes.
Related: Recent SolarWinds Flaws Potentially Exploited as Zero-Days
Related: SmarterTools Hit by Ransomware via Vulnerability in Its Own Product
Related: Organizations Urged to Replace Discontinued Edge Devices
Related: Critical N8n Sandbox Escape Could Lead to Server Compromise
