
"BeyondTrust has rolled out patches for a critical-severity vulnerability in Remote Support (RS) and Privileged Remote Access (PRA) that could lead to unauthenticated remote code execution (RCE). Tracked as CVE-2026-1731 (CVSS score of 9.9), the issue can be exploited via specially crafted requests to execute operating system commands as the site user. "Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption," BeyondTrust notes in its advisory."
"The security defect impacts RS versions 25.3.1 and prior, and PRA versions 24.3.4 and prior, and was addressed in RS version 25.3.2 and PRA version 25.1.1. Hacktron AI, which identified and reported the flaw, estimates that roughly 8,500 on-premises RS deployments accessible from the internet are likely affected by the bug. BeyondTrust's RS product, it notes, is mainly used across large enterprises and by organizations in the healthcare, financial services, government, and hospitality sectors."
A critical-severity vulnerability (CVE-2026-1731, CVSS 9.9) in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) allows unauthenticated remote code execution: specially crafted requests execute operating system commands as the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, unauthorized access, data exfiltration, and service disruption. The flaw affects RS versions 25.3.1 and earlier and PRA versions 24.3.4 and earlier; fixes are available in RS 25.3.2 and PRA 25.1.1. Hacktron AI, which identified and reported the flaw, estimates that approximately 8,500 internet-accessible on-premises RS deployments are likely affected. RS is used mainly by large enterprises and by organizations in the healthcare, financial services, government, and hospitality sectors, which increases the potential blast radius. No in-the-wild exploitation has been reported, but state-linked actors have targeted BeyondTrust products previously.
Read at SecurityWeek