{"id":211552,"date":"2026-02-09T03:03:00","date_gmt":"2026-02-09T08:03:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/beyondtrust-fixes-critical-pre-auth-rce-vulnerability-in-remote-support-and-pra\/"},"modified":"2026-02-09T08:25:08","modified_gmt":"2026-02-09T13:25:08","slug":"beyondtrust-fixes-critical-pre-auth-rce-vulnerability-in-remote-support-and-pra","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/02\/09\/beyondtrust-fixes-critical-pre-auth-rce-vulnerability-in-remote-support-and-pra\/","title":{"rendered":"BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/beyondtrust-fixes-critical-pre-auth-rce.html\">BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/beyondtrust-fixes-critical-pre-auth-rce.html\">https:\/\/thehackernews.com\/2026\/02\/beyondtrust-fixes-critical-pre-auth-rce.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-02-09 03:03:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Feb 09, 2026<\/span><\/span><span class=\"p-tags\">Enterprise Security \/ Network Security<\/span><\/p>\n<p>BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution.<\/p>\n<p>&#8220;BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability,&#8221; the company said in an advisory released February 6, 2026.<\/p>\n<p>&#8220;By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.&#8221;<\/p>\n<p>The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier <strong>CVE-2026-1731<\/strong>. It&#8217;s rated 9.9 on the CVSS scoring system.<\/p>\n<p>BeyondTrust said successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption.<\/p>\n<p>The issue affects the following versions &#8211;<\/p>\n<ul>\n<li>Remote Support versions 25.3.1 and prior<\/li>\n<li>Privileged Remote Access versions 24.3.4 and prior<\/li>\n<\/ul>\n<p>It has been patched in the following versions &#8211;<\/p>\n<ul>\n<li>Remote Support &#8211; Patch BT26-02-RS, 25.3.2 and later<\/li>\n<li>Privileged Remote Access &#8211; Patch BT26-02-PRA, 25.1.1 and later<\/li>\n<\/ul>\n<p>The company is also urging self-hosted customers of Remote Support and Privileged Remote Access to manually apply the patch if their instance is not subscribed to automatic updates. Those running a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 are also required to upgrade to a newer version to apply this patch.<\/p>\n<p>&#8220;Self-hosted customers of PRA may also upgrade to 25.1.1 or a newer version to remediate this vulnerability,&#8221; it added.<\/p>\n<p>According to security researcher and Hacktron AI co-founder Harsh Jaiswal, the vulnerability was discovered on January&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/02\/beyondtrust-fixes-critical-pre-auth-rce.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA https:\/\/thehackernews.com\/2026\/02\/beyondtrust-fixes-critical-pre-auth-rce.html Publish Date: 2026-02-09&#8230;<\/p>\n","protected":false},"author":1,"featured_media":211553,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEjoSFjfJhHXUMJ0_vAj8LwmTeAMOkqVJomqws8hEaofSam7jnpED75EtkDhrEkofhEd0o_z-gZngp5Ue2kgvyhX3GrQA3gUp3v2H4OmEvpjYQb93gmQNeSppy5WIH6LJNg97OIEAsMXmelNMrq9VR5sN3ZrCnWwgfum_0MUCW5hHoqPQ2gmVxWFGwdr5l2t\/s1600\/bt.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,29,27],"class_list":["post-211552","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-network-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211552"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=211552"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211552\/revisions"}],"predecessor-version":[{"id":211554,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/211552\/revisions\/211554"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/211553"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=211552"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=211552"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=211552"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}