BeyondTrust has issued urgent security updates for a critical remote code execution (RCE) vulnerability plaguing its Remote Support (RS) and Privileged Remote Access (PRA) products, with evidence of active exploitation in the wild This article explores vulnerability plaguing remote. . Tracked as CVE-2026-1731, the flaw earns a near-perfect CVSS v4 score of 9.9, enabling unauthenticated attackers to execute arbitrary operating system commands via specially crafted requests.

No credentials or user interaction are required, allowing threat actors to gain unauthorized access in the context of the site user. This could lead to full system compromise, data exfiltration, and widespread service disruptions for enterprises relying on these privileged access tools.

Following disclosure on January 31, 2026, security researchers at Hacktron AI used AI-driven variant analysis to identify the problem and worked with BeyondTrust to quickly fix it. According to Shodan exposure data, approximately 8,500 on-premise deployments and 11,000 internet-facing instances are still vulnerable in the absence of patches. Because the vulnerability can be easily injected through client requests, opportunistic hackers looking for unpatched BeyondTrust appliances will target it.

Description of CVE ID CVSS Score CVE-2026-1731 9.9 (Critical) Remote Support (RS) and Privileged Remote Access (PRA) have a pre-authentication remote code execution vulnerability that permits command injection through specially constructed client requests. Remediation and Patch Information By February 2, 2026, BeyondTrust automatically patched all SaaS environments for Privileged Remote Access and Remote Support, protecting cloud users.

However, because automatic updates are not always available, on-premise customers must take manual action through the appliance interface. To reduce exposure, administrators should check configurations right away. Versions of the Product Affected Fixed Version/Remediation Patch BT26-02-RS (v21.3–25.3.1) and earlier versions of Remote Support (RS) 25.3.1, or upgrade to 25.3.2+ Upgrade to 25.1.1+ or use Privileged Remote Access (PRA) 24.3.4 and earlier Patch BT26-02-PRA (v22.1–24.X).

Organizations using outdated versions encounter challenges: Prior to patching, an intermediate upgrade is necessary for PRA below 22.1 or Remote Support below 21.3. A simpler option is to directly upgrade to supported releases, such as PRA 25.1.1+. Given the high-value targets and exploitation reports, security teams must prioritize this remediation to prevent ransomware or lateral movement in enterprise networks. Set ZeroOwl as a Preferred Source in Google