BeyondTrust fixes critical pre-auth bug allowing remote code execution
BeyondTrust patched a critical pre-auth flaw in Remote Support and PRA that could let attackers execute code remotely. BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted […]
Pierluigi Paganini
February 09, 2026
BeyondTrust released security updates to address a critical flaw, tracked as CVE-2026-1731 (CVSS score of 9.9), in its Remote Support and older Privileged Remote Access products. The bug could allow an unauthenticated attacker to send specially crafted requests and run operating system commands remotely, without logging in. The issue, disclosed on February 6, 2026, could lead to full remote code execution if exploited, making the updates essential to prevent abuse.
Related breach coverage
- Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release2026-02-13
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]
- Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager2026-03-22
Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]
- Cisco fixes critical UCCX flaw allowing Root command execution2025-11-07
Cisco patched a critical flaw in its Unified Contact Center Express (UCCX) software that allowed attackers to execute commands with root privileges. Cisco released security updates to address a critical vulnerability, tracked as CVE-2025-20354 (CVSS score 9.8), in the Unified Contact Center Express (UCCX) software. An attacker can exploit the flaw to execute commands with root […]
- Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-346212026-04-12
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulnerability, tracked as CVE-2026-34621 (CVSS score of 8.6), in Adobe Acrobat Reader, which is being actively exploited. The flaw could allow attackers to execute malicious code on affected systems, […]