Patch now! Attackers targeting BeyondTrust remote support solutions
Attackers are exploiting a critical vulnerability in BeyondTrust Remote Support and Privileged Remote Access. Security patches are available.
(Image: Sashkin/Shutterstock.com)
Admins managing PCs in companies with BeyondTrust Remote Support or Privileged Remote Access should update their remote support software immediately. Attackers are currently exploiting a vulnerability that allows malicious code to be injected into systems.
Background
A security researcher from watchTowr on X is warning about the attacks. They point out that if systems are not patched, they are highly likely to be compromised. The “critical” vulnerability (CVE-2026-1731) was discovered by security researchers from Hacktron.
The versions Remote Support 25.3.2 and Privileged Remote Access 25.1.1, which are secured against the ongoing attacks, have been available for a few days but have obviously not yet been installed universally. Since support for versions prior to 21.3 and 22.1 has been discontinued, there are no more security patches. Updates are only available for download after upgrading to a current version.
For SaaS customers, the patches have been installed by the software manufacturer. Admins of on-premise instances must act now. The security researchers from Hacktron state that around 8,500 potentially vulnerable on-premise instances are publicly accessible.
Videos by heise
Attacks are said to be possible remotely and without authentication. Subsequently, attackers can gain full control over computers. Attackers are said to read get_portal_info to gain access to X-Ns-Company identifiers. They then set up a WebSocket. After that, they can execute malicious code. The extent to which the attacks are occurring is currently unknown. It is also unclear which specific parameters admins can use to identify already attacked instances.
(des)
