Vulnerability Description
A critical pre-authentication remote code execution vulnerability (CVSSv4 9.9) affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products was published on February 6, 2026. The vulnerability is an OS command injection flaw that allows an unauthenticated remote attacker to execute operating system commands in the context of the site user by sending specially crafted requests, with no authentication or user interaction required.

| Field | Description |
| --- | --- |
| CVE-ID | CVE-2026-1731 — CVSSv4 9.9 — assigned by BeyondTrust |
| Vulnerability Description | An OS command injection flaw in BeyondTrust RS and PRA products allows an unauthenticated remote attacker to execute operating system commands in the context of the site user with no authentication or user interaction required. |
| Date of Disclosure | February 6, 2026 |
| Affected Assets | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products |
| Vulnerable Software Versions | Remote Support versions prior to 25.3.2 and Privileged Remote Access versions prior to 25.1.1 are affected. |
| PoC Available | No public PoCs are available at time of writing, but the vulnerability is straightforward to exploit, so it is important to patch as quickly as possible. |
| Exploitation Status | At time of writing, there are no confirmed reports of this vulnerability being exploited in the wild. |
| Patch Status | Patches are available. BeyondTrust released advisory BT26-02 on February 6, 2026, stating that this is fixed in Remote Support 25.3.2 and later, and in Privileged Remote Access 25.1.1 and later. |
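
The fixed versions in the table can be checked against an asset inventory. The following is an added example, not code from Censys or BeyondTrust: the CSV layout and hostnames are constructed, and it assumes version strings are dotted numerics.

```python
import csv
import io
import re

# Fixed versions as stated in the advisory table (BT26-02).
FIXED = {
    "remote support": (25, 3, 2),
    "privileged remote access": (25, 1, 1),
}

# Constructed sample inventory; hostnames and column names are assumptions.
SAMPLE_INVENTORY = """host,product,version
rs-01.example.internal,Remote Support,25.3.1
rs-02.example.internal,Remote Support,25.3.2
pra-01.example.internal,Privileged Remote Access,24.3.4
pra-02.example.internal,Privileged Remote Access,25.1.1.4567
pra-03.example.internal,Privileged Remote Access,unknown
web-01.example.internal,Other Product,1.0.0
"""

def parse_version(text):
    """Return a tuple of ints for a dotted numeric version, else None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def classify(product, version):
    """Return 'vulnerable', 'patched', 'unknown-version' or 'out-of-scope'."""
    fixed = FIXED.get(product.strip().lower())
    if fixed is None:
        return "out-of-scope"      # product not named in the advisory
    parsed = parse_version(version)
    if parsed is None:
        return "unknown-version"   # needs manual review, do not assume patched
    # Pad both sides so 25.3 compares as 25.3.0 and 25.3.2 equals 25.3.2.0.
    width = max(len(parsed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "vulnerable" if pad(parsed) < pad(fixed) else "patched"

def triage(inventory_csv):
    """Map each host in the CSV text to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["product"], r["version"]) for r in rows}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}\t{status}")
```

Hosts reported as `unknown-version` should be checked by hand rather than counted as patched.
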
Censys Perspective
At time of writing, Censys sees 190,832 exposed web properties, trackable with the following queries:

(host.services.software:(vendor:"BeyondTrust" and product:{"Remote Support", "Privileged Remote Access"}) or web.software:(vendor:"BeyondTrust" and product:{"Remote Support", "Privileged Remote Access"})) and not labels: "HONEYPOT"

host.services.software: (vendor="BeyondTrust" and product: {"Remote Support", "Privileged Remote Access"}) or web_entity.instances.software: (vendor="BeyondTrust" and product: {"Remote Support", "Privileged Remote Access"})

services.software: (vendor="BeyondTrust" and product: {"Remote Support", "Privileged Remote Access"}) and not labels: {honeypot, tarpit}

