Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2026/VULN155 _____________________________________________________________________ DATE : 12/02/2026 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running BeyondTrust Remote Support versions prior to Patch BT26-02-RS (v21.3 - 25.3.1), BeyondTrust Privileged Remote Access versions prior to Patch BT26-02-PRA (v22.1 - 24.X). ===================================================================== https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 _____________________________________________________________________ Advisory ID: BT26-02 CVSSv4 score: 9.9 CVSSv4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:H/SA:L Issue Date: 2026-02-06 Updated On: 2026-02-10 CVE: CVE-2026-1731 CWE: CWE-78 Synopsis: Remote code execution in Remote Support (RS) and Privileged Remote Access (PRA) Impacted Product: Remote Support (RS) and Privileged Remote Access (PRA) Summary BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user. Details BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. Mitigation A patch has been applied to all Remote Support SaaS and Privileged Remote Access SaaS customers as of Feb 2, 2026 that remediates this vulnerability. Self-hosted customers of Remote Support and Privileged Remote Access should manually apply the patch if their instance is not subscribed to automatic updates in their /appliance interface. Customers on a Remote Support version older than 21.3 or on Privileged Remote Access older than 22.1 will need to upgrade to a newer version to apply this patch. Self-hosted customers of PRA may also upgrade to 25.1.1 or a newer version to remediate this vulnerability. Affected Versions Product Affected Versions Remote Support 25.3.1 and prior Privileged Remote Access 24.3.4 and prior Fixed Versions Product Remediation/Fix Available Remote Support Patch BT26-02-RS (v21.3 - 25.3.1) Privileged Remote Access Patch BT26-02-PRA (v22.1 - 24.X) All PRA versions 25.1 and greater do not require patching for this vulnerability Acknowledgements We would like to thank Harsh Jaiswal and the Hacktron AI team for responsibly disclosing this vulnerability to BeyondTrust. Hacktron AI identified this vulnerability through their novel approach to AI-enabled variant analysis. Their thorough research and cooperative engagement enabled us to investigate, remediate, and communicate this issue in a timely manner to help protect our customers. References https://www.cve.org/CVERecord?id=CVE-2026-1731 https://nvd.nist.gov/vuln/detail/CVE-2026-1731 https://beyondtrustcorp.service-now.com/csm?id=csm_kb_article&sysparm_a rticle=KB0023293 ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================