
CVE-2026-1731: Critical BeyondTrust Flaw (CVSS 9.9) Allows Pre-Auth RCE

  • Feb 9

Key Findings


  • Critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products

  • Tracked as CVE-2026-1731 with a CVSS score of 9.9

  • Allows unauthenticated remote attackers to execute OS commands and compromise systems

  • Affects RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior

  • Patches available in RS v25.3.2+ and PRA v25.1.1+

  • Customers with older versions (RS <21.3, PRA <22.1) must upgrade before applying patches


Background


BeyondTrust is a leading provider of remote access and privileged access management (PAM) solutions. Its Remote Support (RS) and Privileged Remote Access (PRA) products are widely used by organizations to securely manage IT infrastructure and provide remote support.


Vulnerability Details


The vulnerability, categorized as an operating system command injection flaw, allows an unauthenticated remote attacker to execute arbitrary commands on the target system. This is possible due to a flaw in the way the BeyondTrust products handle certain client requests.


Impact


Successful exploitation of this vulnerability could lead to complete system compromise, unauthorized access, data exfiltration, and service disruption. The high CVSS score of 9.9 indicates the critical nature of this flaw and the urgency for organizations to apply the necessary patches.


Affected Versions


  • BeyondTrust Remote Support (RS) versions 25.3.1 and prior

  • BeyondTrust Privileged Remote Access (PRA) versions 24.3.4 and prior


Remediation


BeyondTrust has released the following patches to address the vulnerability:


  • Remote Support (RS): Patch BT26-02-RS, version 25.3.2 and later

  • Privileged Remote Access (PRA): Patch BT26-02-PRA, version 25.1.1 and later


Customers running self-hosted (on-premises) versions of these products must manually apply the appropriate patch to their systems. Those using older versions (RS <21.3, PRA <22.1) will need to upgrade to a newer version before applying the patch.
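To turn the version ranges above into an inventory check, the following added example (not BeyondTrust's or this site's own code) classifies each self-hosted appliance as fixed, patchable, or needing an upgrade first. The hostnames and the inventory list are constructed for illustration; versions that fall between the last listed affected build and the first fixed build are reported as not covered, because the article makes no statement about them.

```python
# Added example: version ranges come from this article; hostnames are constructed.
THRESHOLDS = {
    # product: (oldest version that can take the patch, last affected, first fixed)
    "RS": ((21, 3, 0), (25, 3, 1), (25, 3, 2)),
    "PRA": ((22, 1, 0), (24, 3, 4), (25, 1, 1)),
}

def parse_version(text):
    """Turn '25.3.1', 'v25.3.1' or '21.3' into a 3-tuple of ints (zero padded)."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) > 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def triage(product, version):
    """Classify one appliance against the article's version ranges."""
    if product.upper() not in THRESHOLDS:
        raise ValueError(f"unknown product: {product!r}")
    patch_floor, last_affected, first_fixed = THRESHOLDS[product.upper()]
    v = parse_version(version)
    if v >= first_fixed:
        return "fixed"
    if v < patch_floor:
        return "affected: upgrade before patching"
    if v <= last_affected:
        return "affected: apply patch"
    # The article is silent on builds in this gap, so do not guess either way.
    return "not covered by article: check vendor advisory"

# Constructed sample inventory: (hostname, product, installed version).
INVENTORY = [
    ("rs-gw-01", "RS", "25.3.1"),
    ("rs-gw-02", "RS", "25.3.2"),
    ("rs-old-01", "RS", "21.2.3"),
    ("pra-01", "PRA", "24.3.4"),
    ("pra-02", "PRA", "25.1.0"),
    ("pra-03", "PRA", "25.1.1"),
]

def report(inventory):
    """Map each hostname to its triage status."""
    return {host: triage(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```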


Conclusion


The critical nature of this vulnerability, combined with its ease of exploitation, makes it an urgent priority for organizations using BeyondTrust Remote Support and Privileged Remote Access. IT administrators are advised to check their systems and apply the necessary patches or upgrades immediately to mitigate the risk of compromise.


Sources


  • https://securityonline.info/cve-2026-1731-critical-beyondtrust-flaw-cvss-9-9-allows-pre-auth-rce/

  • https://thehackernews.com/2026/02/beyondtrust-fixes-critical-pre-auth-rce.html

  • https://x.com/the_yellow_fall/status/2020688710023688418


© 2025 by Explain IT Again. Powered and secured by Wix
