BeyondTrust has alerted users to a critical security vulnerability in its Remote Support (RS) and Privileged Remote Access (PRA) software, identified as CVE-2026-1731. This flaw allows unauthenticated attackers to execute arbitrary code remotely via an OS command injection. It affects versions 25.3.1 and earlier of Remote Support and 24.3.4 and earlier of Privileged Remote Access. Attackers can exploit this vulnerability through specially crafted client requests, requiring no user interaction or authentication. BeyondTrust has already secured its cloud systems but recommends that on-premises users manually upgrade to Remote Support 25.3.2 or later and Privileged Remote Access 25.1.1 or later. Approximately 11,000 systems are exposed to the internet, with around 8,500 of those being on-premises installations potentially vulnerable if not patched. Although there's currently no evidence of active exploitation of CVE-2026-1731, BeyondTrust has a history of being targeted. For instance, two years ago, hackers exploited zero-day vulnerabilities to compromise 17 Remote Support SaaS instances, leading to a significant breach involving the U.S. Treasury. The U.S. Treasury later linked this breach to the Silk Typhoon group, a Chinese state-backed hacking entity, which reportedly stole sensitive documents. Following earlier incidents, the Cybersecurity and Infrastructure Security Agency (CISA) added one of the vulnerabilities to its Known Exploited Vulnerabilities catalog, requiring U.S. agencies to secure their networks promptly. BeyondTrust serves over 20,000 customers, including 75% of Fortune 100 companies, emphasizing the need for timely updates to protect against these risks.