CVE-2026-1731 – BeyondTrust Remote Support (RS) & Privileged Remote Access (PRA) Critical Pre-Authentication Remote Code Execution Vulnerability

BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability identified as CVE-2026-1731. The issue is caused by improper input handling that allows attackers to inject and execute operating system commands. The vulnerability has a CVSS base score of 9.9 (Critical), reflecting how easily it can be exploited and the severe impact if abused.

An unauthenticated remote attacker can exploit this weakness over the network without valid credentials or user interaction. Successful exploitation allows execution of arbitrary commands on the affected system, potentially leading to full system compromise, theft of sensitive data, service outages, and further movement inside the network. Because these products are often deployed with high privileges and exposed to administrators, the risk is especially high in enterprise environments.

BeyondTrust released patches to address the issue. SaaS deployments were automatically updated, while self-hosted environments must apply the vendor-provided updates to remediate the vulnerability. At the time of disclosure, no confirmed widespread real-world exploitation had been reported, but the simplicity and impact of the attack make this vulnerability particularly dangerous if left unpatched.