Article Details
Scrape Timestamp (UTC): 2026-02-09 08:11:05.555
Source: https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html
Original Article Text
Click to Toggle View
BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA. BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution. "BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability," the company said in an advisory released February 6, 2026. "By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user." The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier CVE-2026-1731. It's rated 9.9 on the CVSS scoring system. BeyondTrust said successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption. The issue affects the following versions - It has been patched in the following versions - The company is also urging self-hosted customers of Remote Support and Privileged Remote Access to manually apply the patch if their instance is not subscribed to automatic updates. Those running a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 are also required to upgrade to a newer version to apply this patch. "Self-hosted customers of PRA may also upgrade to 25.1.1 or a newer version to remediate this vulnerability," it added. According to security researcher and Hacktron AI co-founder Harsh Jaiswal, the vulnerability was discovered on January 31, 2026, through an artificial intelligence (AI)-enabled variant analysis, adding that it found about 11,000 instances exposed to the internet. Additional details of the flaw have been withheld to give users time to apply the patches. "About ~8,500 of those are on-prem deployments, which remain potentially vulnerable if patches aren't applied," Jaiswal said. With security flaws in BeyondTrust Privileged Remote Access and Remote Support having come under active exploitation in the past, it's essential that users update to the latest version as soon as possible for optimal protection.
Daily Brief Summary
BeyondTrust has addressed a critical remote code execution flaw in its Remote Support and Privileged Remote Access products, potentially impacting thousands of users.
The vulnerability, identified as CVE-2026-1731, allows unauthenticated attackers to execute operating system commands, posing risks of unauthorized access and data breaches.
Rated 9.9 on the CVSS scale, the flaw involves operating system command injection via specially crafted requests, demanding urgent patch application.
BeyondTrust advises self-hosted customers to manually apply patches if not on automatic updates, with specific upgrades required for older software versions.
Security researcher Harsh Jaiswal discovered the vulnerability using AI-enabled analysis, finding approximately 11,000 exposed instances, with 8,500 being on-prem deployments.
Users are urged to update immediately, as past vulnerabilities in these products have been actively exploited, highlighting the need for prompt remediation.
Details of the flaw are withheld temporarily to allow users time to secure their systems, emphasizing the importance of timely updates in cybersecurity defense.