CVE-2026-1731

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support versions 25.3.1 and earlier BeyondTrust Privileged Remote Access versions 24.3.4 and earlier

Description BeyondTrust Remote Support and Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability (CVE-2026-1731) that allows unauthenticated attackers to execute operating system commands in the context of the site user. Attackers can exploit this flaw by sending specially crafted requests. Active exploitation of this vulnerability has been observed, with attackers extracting data and establishing WebSocket channels to execute commands. Approximately 11,000 instances are exposed, with around 8,500 being on-premises deployments. This vulnerability has been linked to previous attacks by sophisticated threat actors. The vulnerability allows attackers to gain full domain control.

Recommendations BeyondTrust Remote Support versions 25.3.1 and earlier: Upgrade to version 25.3.2 or later. BeyondTrust Privileged Remote Access versions 24.3.4 and earlier: Upgrade to version 25.1.1 or later.