BeyondTrust Remote Support and Privileged Remote Access Security Advisory: BT26-03
Action Required
BeyondTrust has published Security Advisory BT26-03 (https://www.beyondtrust.com/trust-center/security-advisories) relating to multiple vulnerabilities affecting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA).
Customers using self-hosted BeyondTrust Remote Support or Privileged Remote Access should review their current versions and ensure that the relevant security updates have been applied.
Impact
The advisory includes Critical and High severity vulnerabilities. The most severe vulnerabilities may allow an unauthenticated attacker to bypass access controls and gain unauthorised access to the appliance under specific configurations. Additional vulnerabilities may result in service disruption, unintended data access, or elevated access by an authenticated user with specific permissions.
The affected versions are:
- Remote Support RS 25.3.2 or lower
- Privileged Remote Access PRA 25.3.2 or lower
Current Status
BeyondTrust has confirmed that patches have already been applied to all RS/PRA cloud customers.
Self-hosted customers should apply the relevant April 2026 Security Rollup for their deployed version where automatic updates are not enabled, or upgrade to:
- Remote Support RS 25.3.3 or above
- Privileged Remote Access PRA 25.3.3 or above
Recommended Action
Customers should review the BeyondTrust BT26-03 Security Advisory and confirm whether their environment is affected.
Where required, customers should apply the relevant security rollup or upgrade to the fixed versions as soon as possible, particularly where Remote Support or Privileged Remote Access is externally accessible.
Advisory ID: BT26-02
CVE-2026-1731
BeyondTrust Remote Support and older versions of Privileged Remote Access contain a critical pre-authentication remote code execution vulnerability that may be triggered through specially crafted client requests. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption.
- Synopsis: Remote code execution in Remote Support (RS) and Privileged Remote Access (PRA)
- Affected Product: Remote Support (RS) and Privileged Remote Access (PRA)
Observed exploitation activity has been limited to internet-facing, self-hosted environments where the patch had not been applied before February 9, 2026.
Important: BeyondTrust is strongly encouraging all self-hosted customers who had internet-exposed instances that remained unpatched as of February 9 to take immediate action to apply the recommended updates and open a “Severity 1” ticket to BeyondTrust support, citing “BT26-02” in the description.
Affected Versions:
Remote Support – 25.3.1 and prior
Privileged Remote Access – 24.3.4 and prior
Remote Support / Privileged Remote Access – BT26-02 critical vulnerability patch for RS and PRA
BeyondTrust have released a Critical Vulnerability Patch. All Privileged Remote Access and Remote Support customers, particularly those with on-prem installations, should review details and apply mitigations where applicable.
Affected Version:
> Privileged Remote Access (PRA) version 24.3.4 and lower
> Remote Support 25.3.1 and lower
Patch details:
For SaaS Implementation:
> Patch BT26-02-PRA or BT26-02-RS has been applied to all SaaS instances as of February 2, 2026, that remediates this vulnerability.
For On-Premise Implementation:
> The vulnerability can be mitigated by upgrading to 25.1.1
BeyondTrust: CVE-2025-2297 & CVE-2025-6250
We would like to inform you about two recently published high severity vulnerabilities in Privilege Management for Windows.
Summary
· CVE-2025-2297: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker to elevate privileges.
· CVE-2025-6250: This high severity vulnerability in Privilege Management for Windows allows for a local authenticated attacker with elevated privileges to bypass anti-tamper protections.
Who May Be Impacted
Privilege Management for Windows customers on the versions prior to 25.4.270.0
Resolution and Mitigation
Both vulnerabilities have been addressed in Privilege Management for Windows 25.4.270.0. At the time of the CVE’s release on July 28th, all cloud tenants will have been upgraded to 25.4. Customers can push version 25.4.270.0 to clients to remediate this vulnerability.
Want to dive deeper? Check it out here:

