
AI Discovers Critical Zero-Click Flaw Threatening 8,500 Enterprise Remote Access Systems

Critical CVE-2026-1731 vulnerability found in BeyondTrust Remote Support affects 8,500+ systems. AI-powered discovery raises new security questions.

BeyondTrust RCE in Help Desk

Thousands of organisations running BeyondTrust's remote access tools face immediate risk after an AI security system uncovered a critical pre-authentication vulnerability that requires no user interaction to exploit.

The flaw, tracked as CVE-2026-1731 with a severity score of 9.9 out of 10, affects Remote Support versions 25.3.1 and earlier, plus older Privileged Remote Access builds through 24.3.4. What makes this particularly dangerous: attackers need zero credentials and zero user clicks to execute operating system commands on vulnerable systems.

Hacktron AI, an autonomous vulnerability hunting platform, identified the security gap through what researchers call "AI-enabled variant analysis"—essentially teaching machines to spot code patterns that mirror previously fixed vulnerabilities. The discovery marks a shift in how critical flaws are being found, with AI systems now beating traditional security audits to the punch.

"By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user," BeyondTrust warned in its advisory. Translation: Complete system takeover is possible before anyone even knows an attack is underway.

The exposure couldn't come at a worse time for BeyondTrust. The company's privileged access management tools serve healthcare providers, financial institutions, and government agencies—exactly the high-value targets nation-state actors hunt. Censys researchers estimate roughly 11,000 BeyondTrust instances sit exposed to the internet, with approximately 8,500 self-hosted deployments potentially still vulnerable if patches haven't been applied.

BeyondTrust moved fast once notified. Cloud customers received automatic patches on February 2, just two days after Hacktron's January 31 disclosure. But self-hosted customers face a manual update process, and those running ancient versions (Remote Support pre-21.3 or PRA pre-22.1) must upgrade entirely before the patch even applies.

This isn't BeyondTrust's first rodeo with critical vulnerabilities. The vendor faced similar crises in late 2024 and early 2025, some reportedly exploited by state-sponsored hackers, prompting CISA warnings.

For administrators: If you're running BeyondTrust on-premises, assume you're a target. Apply patch BT26-02-RS or upgrade to version 25.3.2+ for Remote Support, or version 25.1.1+ for Privileged Remote Access. Don't wait for the next security bulletin—this one's already public, and the clock is ticking.
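The version thresholds above can be turned into a quick triage pass over an asset inventory. The following is an added example, not code from BeyondTrust, Hacktron or this article's author; the product keys `RS`/`PRA`, the status labels and the inventory rows are assumptions constructed for illustration, and only the version numbers come from the article.

```python
import re

# product -> (oldest version the patch applies to, last affected, first fixed),
# taken from the article; "RS" and "PRA" are labels chosen for this example.
THRESHOLDS = {
    "RS":  ((21, 3), (25, 3, 1), (25, 3, 2)),
    "PRA": ((22, 1), (24, 3, 4), (25, 1, 1)),
}

def parse_version(text):
    """Turn '25.3.1' into (25, 3, 1); reject anything that is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in text.split("."))

def _pad(version, width=4):
    # Pad with zeros so '25.3' compares as 25.3.0.0 rather than as a shorter tuple.
    return version + (0,) * (width - len(version))

def triage(product, version):
    """Classify one install against the article's version ranges."""
    floor, last_affected, first_fixed = (_pad(t) for t in THRESHOLDS[product])
    v = _pad(parse_version(version))
    if v < floor:
        return "upgrade-first"   # too old for the patch: upgrade, then patch
    if v <= last_affected:
        return "affected"        # in the vulnerable range: patch or upgrade
    if v >= first_fixed:
        return "fixed"
    return "unlisted"            # between the ranges the article gives: ask the vendor

def triage_inventory(rows):
    """rows: iterable of (host, product, version) -> list of (host, status)."""
    return [(host, triage(product, version)) for host, product, version in rows]

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("rs-01.example.test",  "RS",  "25.3.1"),
    ("rs-02.example.test",  "RS",  "21.2.4"),
    ("rs-03.example.test",  "RS",  "25.3.2"),
    ("pra-01.example.test", "PRA", "24.3.4"),
    ("pra-02.example.test", "PRA", "24.3.5"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY):
        print(f"{host:22} {status}")
```

The check reads the reported version only, so a Remote Support host that received BT26-02-RS without a version change still needs to be confirmed against patch records.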
