Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

BeyondTrust Fixes Critical Pre-Auth RCE Vulnerability in Remote Support and PRA

The Hacker News by The Hacker News
February 9, 2026
Home Cybersecurity
Share on FacebookShare on Twitter


Ravie LakshmananFeb 09, 2026Enterprise Security / Network Security

BeyondTrust has released updates to address a critical security flaw impacting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could result in remote code execution.

“BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability,” the company said in an advisory released February 6, 2026.

“By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.”

The vulnerability, categorized as an operating system command injection, has been assigned the CVE identifier CVE-2026-1731. It’s rated 9.9 on the CVSS scoring system.

BeyondTrust said successful exploitation of the shortcoming could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user, resulting in unauthorized access, data exfiltration, and service disruption.

The issue affects the following versions –

  • Remote Support versions 25.3.1 and prior
  • Privileged Remote Access versions 24.3.4 and prior

It has been patched in the following versions –

  • Remote Support – Patch BT26-02-RS, 25.3.2 and later
  • Privileged Remote Access – Patch BT26-02-PRA, 25.1.1 and later

The company is also urging self-hosted customers of Remote Support and Privileged Remote Access to manually apply the patch if their instance is not subscribed to automatic updates. Those running a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 are also required to upgrade to a newer version to apply this patch.

“Self-hosted customers of PRA may also upgrade to 25.1.1 or a newer version to remediate this vulnerability,” it added.

According to security researcher and Hacktron AI co-founder Harsh Jaiswal, the vulnerability was discovered on January 31, 2026, through an artificial intelligence (AI)-enabled variant analysis, adding that it found about 11,000 instances exposed to the internet. Additional details of the flaw have been withheld to give users time to apply the patches.

“About ~8,500 of those are on-prem deployments, which remain potentially vulnerable if patches aren’t applied,” Jaiswal said.

With security flaws in BeyondTrust Privileged Remote Access and Remote Support having come under active exploitation in the past, it’s essential that users update to the latest version as soon as possible for optimal protection.



Source link

The Hacker News

The Hacker News

Next Post
TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

TeamPCP Worm Exploits Cloud Infrastructure to Build Criminal Infrastructure

Recommended.

Handwritten Card Service Handwrytten Releases New Integration for Hubspot

Handwritten Card Service Handwrytten Releases New Integration for Hubspot

July 6, 2026
CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

August 2, 2025

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

This Scammer Used an AI-Generated MAGA Girl to Grift ‘Super Dumb’ Men

April 21, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio