
BeyondTrust Releases Security Advisory for Remote Support and Privileged Remote Access

Summary

CVE-2026-1731 could allow an unauthenticated attacker to perform remote code execution


Threat details

Exploitation of CVE-2026-1731

Security researchers have stated that they have observed exploitation of CVE-2026-1731 in the wild.

Additionally, security researchers have published a proof-of-concept exploit for CVE-2026-1731, noting that the vulnerability appears to be similar to another exploited vulnerability, CVE-2024-12356. The NHS England National CSOC assesses further exploitation as highly likely.

Organisations are strongly encouraged to follow NCSC's vulnerability management guidance, including implementing a "patch by default" policy and patching edge devices as soon as possible if a critical vulnerability is identified.


Introduction

BeyondTrust has released a security advisory to address a critical vulnerability affecting Remote Support (RS) and Privileged Remote Access (PRA). Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user through specially crafted client requests.

  • CVE-2026-1731 - an 'Improper Neutralization of Special Elements used in an OS Command' vulnerability - CVSSv4 Score: 9.9

Threat updates

Date: 12 Feb 2026
Update: Exploitation of CVE-2026-1731 reported in the wild.

The following items have been updated to reflect this change:

  • Proof-of-concept emphasis box updated to exploitation of CVE-2026-1731

Date: 11 Feb 2026
Update: Proof-Of-Concept Exploit Released for CVE-2026-1731.

The following items have been updated to reflect this change:

  • Severity changed to High
  • Proof-of-concept emphasis box
  • Affected versions
  • Introduction
  • Remediation advice

Remediation advice

Affected organisations must review the BeyondTrust Advisory BT26-02 and follow the remediation steps below.

Note: Organisations running BeyondTrust Remote Support versions older than 21.3 or Privileged Remote Access versions older than 22.1 must upgrade to a newer version to apply the patch.


Remediation steps

Type: Patch
Step: Remote Support - Versions 21.3 through 25.3.1

Affected organisations must apply Patch BT26-02-RS.

https://www.beyondtrust.com/trust-center/security-advisories/bt26-02

Type: Patch
Step: Privileged Remote Access - Versions 22.1 through 24.3.4

Affected organisations must apply Patch BT26-02-PRA.

Note: Privileged Remote Access versions 25.1 and higher do not require patching for this vulnerability.

https://www.beyondtrust.com/trust-center/security-advisories/bt26-02

Type: Action
Step: Remote Support - Versions prior to 21.3
      Privileged Remote Access - Versions prior to 22.1

Organisations must upgrade to a newer version to apply the patch.

https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
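The remediation steps above can be applied to an asset inventory with a short script. This is an added example, not code from NHS England or BeyondTrust: the function names, the "RS"/"PRA" product keys and the sample inventory are assumptions made for illustration, and any version outside the ranges stated on this page is reported as not covered rather than guessed at.

```python
import re

# Inclusive version ranges exactly as stated in the remediation steps on this page.
RULES = {
    "RS": {"patch": ((21, 3), (25, 3, 1)), "patch_id": "BT26-02-RS",
           "not_required_from": None},
    "PRA": {"patch": ((22, 1), (24, 3, 4)), "patch_id": "BT26-02-PRA",
            "not_required_from": (25, 1)},
}

def parse_version(text):
    """Turn '24.3.4' into (24, 3, 4); reject anything that is not dotted integers."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){1,3}", text):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in text.split("."))

def pad(version, width=4):
    """Pad with zeros so that 25.3 and 25.3.0 compare as equal."""
    return version + (0,) * (width - len(version))

def triage(product, version):
    """Return the remediation step this page gives for one product and version."""
    rule = RULES[product.upper()]
    v = pad(parse_version(version))
    low, high = pad(rule["patch"][0]), pad(rule["patch"][1])
    if v < low:
        return "upgrade to a newer version, then apply the patch"
    if v <= high:
        return f"apply Patch {rule['patch_id']}"
    if rule["not_required_from"] and v >= pad(rule["not_required_from"]):
        return "no patch required for this vulnerability"
    # The page gives no guidance here (e.g. RS above 25.3.1, PRA between 24.3.4 and 25.1).
    return "not covered by this page: check BeyondTrust Advisory BT26-02"

def triage_inventory(assets):
    """Map each (host, product, version) row to its remediation step."""
    return {host: triage(product, version) for host, product, version in assets}

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical host names).
    sample = [("rs-edge-01", "RS", "25.3.1"), ("rs-old-02", "RS", "20.1.4"),
              ("pra-gw-01", "PRA", "24.3.4"), ("pra-gw-02", "PRA", "25.1")]
    for host, step in triage_inventory(sample).items():
        print(f"{host}: {step}")
```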


Last edited: 12 February 2026 2:29 pm