Overview
Hacktron AI’s agents identified a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA). This has been assigned CVE-2026-1731 with a CVSS 9.9 critical score.
This vulnerability was discovered through our AI-enabled variant analysis capabilities and was responsibly disclosed to BeyondTrust.
Impact
Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user.
Given that BeyondTrust Remote Support and Privileged Remote Access are widely deployed in enterprise environments for remote access and privileged session management, the potential blast radius of this vulnerability is significant.
Affected Versions
| Product | Affected Versions |
|---|---|
| Remote Support (RS) | 25.3.1 and prior |
| Privileged Remote Access (PRA) | 24.3.4 and prior |
Fixed Versions
| Product | Fixed Versions |
|---|---|
| Remote Support (RS) | Patch BT26-02-RS 25.3.2 and later |
| Privileged Remote Access (PRA) | Patch BT26-02-PRA 25.1.1 and later |
Exposure Analysis
Our analysis for BeyondTrust Remote Support deployments via Shodan/Fofa:
- Approximately 11,000 instances are exposed to the internet including both cloud and on-prem deployments
- About ~8,500 of those are on-prem deployments which remain potentially vulnerable if patches aren’t applied.
- Industries where BeyondTrust’s RS solutions are commonly deployed — large enterprises, healthcare, financial services, government, and hospitality.
At this time, we are withholding technical details to allow affected parties sufficient time to apply patches. We strongly recommend addressing this vulnerability promptly, as exploitation is straightforward.
Recommended Actions for CVE-2026-1731
- Cloud/SaaS customers: BeyondTrust has applied a patch to all Remote Support SaaS customers as of February 2, 2026.
- Self-hosted customers of Remote Support and Privileged Remote Access should manually apply the patch if their instance is not subscribed to automatic updates.
We strongly recommend all affected organizations apply the patch immediately.
Disclosure Timeline
| Date | Event |
|---|---|
| 2026-01-31 | Hacktron AI identifies the vulnerability through AI-enabled variant analysis |
| 2026-01-31 | Initial disclosure report submitted to BeyondTrust security team |
| 2026-01-31 | BeyondTrust confirms the vulnerability and begins patch development |
| 2026-02-02 | BeyondTrust patches cloud deployments and releases patch for on-prem |
| 2026-02-06 | BeyondTrust and Hacktron AI release advisory and CVE publication |
Vendor Response
We want to acknowledge that BeyondTrust handled this disclosure exceptionally well. From the moment we submitted our initial report, their security team was responsive, professional, and transparent throughout the entire process. They confirmed the vulnerability promptly, developed and deployed a patch to SaaS customers within 2 days, and coordinated closely with us on the public disclosure timeline.
About the Discovery
This vulnerability was identified by Hacktron AI as part of our AI-enabled variant analysis work. Our autonomous scans are designed to discover vulnerability classes and variants across enterprise software at scale. This finding demonstrates the effectiveness of combining AI-driven analysis with security research expertise to uncover critical vulnerabilities before they can be exploited in the wild.
References
Hacktron AI is committed to improving the security of the software ecosystem through responsible disclosure. If you have questions about this advisory, contact us at hello@hacktron.ai.