Beyondtrust Privileged Remote Access
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Beyondtrust Privileged Remote Access.
By the Year
In 2026 there have been 1 vulnerability in Beyondtrust Privileged Remote Access. Last year, in 2025 Privileged Remote Access had 1 security vulnerability published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Privileged Remote Access in 2026 could surpass last years number.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 2 | 8.20 |
| 2023 | 2 | 8.80 |
It may take a day or so for new Privileged Remote Access vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Beyondtrust Privileged Remote Access Security Vulnerabilities
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability
CVE-2026-1731
- February 06, 2026
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Shell injection
Auth Bypass in BeyondTrust PRA (<25.1) Allows Unauthorized ShellJump View
CVE-2025-0217
- May 05, 2025
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
authentification
Command Injection in Privileged Remote Access & Remote Support (PRA/RS)
CVE-2024-12686
6.6 - Medium
- December 18, 2024
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Shell injection
Unauthenticated Command Injection in PRA/RS Remote Access
CVE-2024-12356
9.8 - Critical
- December 17, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Command Injection
BeyondTrust PRA (22.2-22.4) Local Auth Bypass via BYOT Shell
CVE-2023-23632
7.8 - High
- October 12, 2023
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
authentification
BeyondTrust PRA/RS 23.2.123.2.2 Cmd Injection via HTTP
CVE-2023-4310
9.8 - Critical
- September 05, 2023
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Beyondtrust Privileged Remote Access or by Beyondtrust? Click the Watch button to subscribe.
