- BeyondTrust has patched a critical remote code execution flaw (CVE-2026-1731) in its Remote Support and Privileged Remote Access software.
- The vulnerability, with a CVSS score of 9.9, allows unauthenticated attackers to execute operating system commands on affected systems.
- Security researcher Harsh Jaiswal noted the flaw was found via AI analysis, with about 11,000 instances, including 8,500 on-prem deployments, exposed online.
- Users must manually apply patches if not on automatic updates, with some older versions requiring a full upgrade for protection.
On February 6, 2026, BeyondTrust issued a critical security advisory warning of a severe vulnerability in its widely used Remote Support and Privileged Remote Access products. If exploited, the flaw could allow attackers to remotely execute commands on affected systems without authentication.
The vulnerability, tracked as CVE-2026-1731, is an operating system command injection flaw rated 9.9 on the CVSS scale. BeyondTrust said in its advisory that sending specially crafted requests could let an attacker run commands as the site user.
Consequently, successful exploitation may lead to unauthorized access, data theft, and major service disruptions. The issue impacts Remote Support versions 25.3.1 and prior, as well as Privileged Remote Access versions 24.3.4 and prior.
Patches are available in Remote Support version 25.3.2 and Privileged Remote Access 25.1.1. Meanwhile, the company is urging all self-hosted customers who do not receive automatic updates to apply the fixes manually.
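For teams working through an asset list, the version boundaries above can be turned into a quick triage pass. The following is an added example, not BeyondTrust tooling: the product keys, hostnames and inventory rows are constructed, and only the version thresholds come from the article. Versions that fall between the last affected and first fixed release, which the article does not classify, are flagged for manual verification.

```python
import re

# (last affected, first fixed) per product, as stated in the article.
# The product key names are hypothetical labels chosen for this example.
THRESHOLDS = {
    "remote-support": ((25, 3, 1), (25, 3, 2)),
    "privileged-remote-access": ((24, 3, 4), (25, 1, 1)),
}

def parse_version(text):
    """Parse 'major.minor[.patch]' into a tuple; return None if malformed."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        return None
    return tuple(int(p or 0) for p in m.groups())

def classify(product, version_text):
    """Return 'affected', 'patched', or 'verify' for one installation."""
    bounds = THRESHOLDS.get(product)
    version = parse_version(version_text)
    if bounds is None or version is None:
        return "verify"  # unknown product or unreadable version string
    last_affected, first_fixed = bounds
    if version <= last_affected:
        return "affected"
    if version >= first_fixed:
        return "patched"
    # Between the two bounds the article is silent: check the vendor advisory.
    return "verify"

def triage(inventory):
    """Classify every row and sort so affected hosts come first."""
    order = {"affected": 0, "verify": 1, "patched": 2}
    rows = [(h, p, v, classify(p, v)) for h, p, v in inventory]
    return sorted(rows, key=lambda r: (order[r[3]], r[0]))

# Constructed sample inventory (hostnames and versions are illustrative only).
SAMPLE_INVENTORY = [
    ("rs-01.example.internal", "remote-support", "25.3.2"),
    ("rs-02.example.internal", "remote-support", "24.2.4"),
    ("pra-01.example.internal", "privileged-remote-access", "24.3.4"),
    ("pra-02.example.internal", "privileged-remote-access", "25.1.0"),
    ("pra-03.example.internal", "privileged-remote-access", "25.1.1"),
    ("rs-03.example.internal", "remote-support", "unknown"),
]

if __name__ == "__main__":
    for host, product, ver, status in triage(SAMPLE_INVENTORY):
        print(f"{status:9} {host:26} {product:26} {ver}")
```

A "patched" result only reflects the version string recorded in the inventory; confirm the installed build on the appliance itself before closing the item.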
Security researcher Harsh Jaiswal, co-founder of Hacktron AI, said the bug was discovered on January 31, 2026, through AI-enabled analysis. He added that it found about 11,000 instances exposed to the internet, with roughly 8,500 being on-prem deployments that remain vulnerable without the patch.
Given that past flaws in these BeyondTrust products have been actively exploited, applying the update promptly is strongly recommended.
