BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
A patch has been applied to all Remote Support & Privileged Remote Access SaaS customers as of Feb 2, 2026 that remediates this vulnerability (No further action is required for these sites).
For the latest information on this Security Advisory from BeyondTrust, please reference the below post on our Trust Portal.
