—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

Remote Code Execution Vulnerability in Beyond Trust products

Indian – Computer Emergency Response Team (https://www.cert-in.org.in)

Severity Rating: HIGH

Software Affected

Beyond Trust Remote Support 25.3.1 or earlier

Privileged Remote Access 24.3.4 or earlier.

Overview

A vulnerability has been reported in Beyond Trust products, which could allow a remote attacker to execute arbitrary code on the targeted system.

Target Audience:

Organizations and individuals using Beyond Trust products.

Risk Assessment:

Risk of unauthorized remote code execution and potential system compromise.

Impact Assessment:

Exposure of sensitive data or unauthorized access.

Description

Beyond Trust Remote Support (RS) and Privileged Remote Access (PRA) are widely used enter-prise solutions that enable secure remote access, support, and administrative control across IT environments.

This vulnerability exists in Beyond Trust products due to a Server-Side Template Injection (SSTI) vulnerability that could allow a remote attacker to perform unauthorized actions and potentially gain access to the targeted system.

Successful exploitation of this vulnerability could allow a remote attacker to bypass security restrictions and execute arbitrary code on the targeted system.

Solution

Apply appropriate updates as mentioned by the vendor:

https://www.beyondtrust.com/trust-center/security-advisories/bt26-02

Vendor Information

BeyondTrust

https://www.beyondtrust.com/trust-center/security-advisories/bt26-02

References

 

https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-rce-flaw-in-remote-support-software/

CVE Name

CVE-2026-1731

 

– —

Thanks and Regards,

CERT-In

Incident Response Help Desk

e-mail: incident@cert-in.org.in

Phone: +91-11-22902657

Toll Free Number: 1800-11-4949

Toll Free Fax : 1800-11-6969

Web: http://www.cert-in.org.in

PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4

PGP Key information:

https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS

Postal address:

Indian Computer Emergency Response Team (CERT-In)

Ministry of Electronics and Information Technology

Government of India

Electronics Niketan

6, C.G.O. Complex

New Delhi-110 003

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCAAdFiEE6r4Iam/Ey0c/KakL3jCgcSdcys8FAmmMkfMACgkQ3jCgcSdc

ys8Ezw//VJyJoIHlgf01MUrdClWCc0Apl3759QwsxHKetimvS9gwxvUT59+hM7Sb

Kh63p8XmEHTNjDrcQTdSK24V293JPRYbxaTyFtAyB664m2QbNaeIIOsg6ywLimCg

WB2qfkqIva8SzAg0R/zZrhBkonN27mFHmDzkKE7iDAhXl7Zm2MqX0L6G4dzKzYMF

lz8qPIYpFHtgvH3McB/CZ5+mT7GKC44J/BymnYe21WgGZo9DeL1fFgKKx/vwZw6R

gNjUEBrunxsk1WQIqtd3oTQr0NWqirELqeHSpFgB9WdcABOOilEFyYvcQJZ6LOO0

Fg/gtRx6MUEBVfFCj/4HI8+b08rVQECM+31BMOgFT29ORkOAz1XLm6YDHKGfkFZa

xrHwMyTN5uX+GvPhh5EefsC+XaW8SPK9/k0EfsIfqmHog3/i0Bo4va5Sy20G2raP

Wn0a97cyQyh9U9xebU7nIhX2TWdFRVlzyuF9oTnuo7vUcdHhgvVwfaLFEAOjeJn5

XRNjdXoohXbRU6svr+g9B5uDknTkkosqZC1JyEQ0XfsmZEf9kpNP4xHTm+ptQrq4

R/3OXbNsIQJHxLRnPOh4/xxKVZmsx/jNAHYWj+DTHTgwitgW5YYKvk2pG/WgMbzj

hRBwTEW5RmT7Cs+dIAcuddhH4Qev4oDCK78Fllb5SK91sETwGDo=

=KThP

—–END PGP SIGNATURE—–