BeyondTrust Fixes Critical Remote Code Execution Vulnerability

BeyondTrust has addressed a critical remote code execution vulnerability (CVE-2026-1731) in its Remote Support (RS) and Privileged Remote Access (PRA) solutions. This flaw, discovered and reported by a security researcher, is easy to exploit and does not require prior authentication. BeyondTrust advises self-hosted customers to apply the patch as soon as possible. Unlike the zero-day vulnerability in Remote Support (CVE-2024-12356) exploited by threat actors linked to China to compromise the U.S. Department of the Treasury at the end of 2024, this new vulnerability has not yet been exploited.