CISA Added BeyondTrust Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2026-1731)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns about an actively exploited vulnerability in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products. Tracked as CVE-2026-1731, successful exploitation of the vulnerability could allow an unauthenticated remote attacker to achieve remote code execution by sending specially crafted requests. CISA urged users to patch the vulnerability before February 16, 2026.
BeyondTrust mentioned in the advisory, “BeyondTrust is aware of and supports a limited number of self-hosted customers in responding to active exploitation attempts of the previously disclosed critical vulnerability (CVE-2026-1731) in its Remote Support and Privileged Remote Access solutions.”
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) are secure, VPN-less solutions designed to manage, monitor, and control access to IT systems. RS enables help desks to troubleshoot devices (PCs, servers, IoT) anywhere, while PRA secures and audits access for privileged users and third-party vendors to critical infrastructure, often enforcing zero-trust principles.
Vulnerability Details
BeyondTrust Remote Support and Privileged Remote Access are vulnerable to a pre-authentication remote code execution vulnerability that can be triggered through specially crafted client requests. Upon successful exploitation, an unauthenticated remote attacker could execute operating system commands in the context of the site user, potentially leading to system compromise, including unauthorized access, data exfiltration, and service disruption.
Affected Versions
| Product | Affected Versions |
| Remote Support | 25.3.1 and prior |
| Privileged Remote Access | 24.3.4 and prior |
Mitigation
| Product | Remediation/Fix Available |
| Remote Support | Patch BT26-02-RS (v21.3 – 25.3.1) |
| Privileged Remote Access | Patch BT26-02-PRA (v22.1 – 24.X) |
| All PRA versions 25.1 and greater do not require patching for this vulnerability |
Please refer to the BeyondTrust Security Advisory for more information.
Qualys Detection
Qualys customers can scan their devices with QID 733671 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.beyondtrust.com/trust-center/security-advisories/bt26-02
Comments are closed.