Remote Support / Privileged Remote Access – BT26-02 critical vulnerability patch for RS and PRA
BeyondTrust have released a Critical Vulnerability Patch. All Privileged Remote Access and Remote Support customers, particularly those with on-prem installations, should review details and apply mitigations where applicable.
Affected Version:
> Privileged Remote Access (PRA) version 24.3.4 and lower
> Remote Support 25.3.1 and lower
Patch details:
For SaaS Implementation:
> Patch BT26-02-PRA or BT26-02-RS has been applied to all SaaS instances as of February 2, 2026, that remediates this vulnerability.
For On-Premise Implementation:
> The vulnerability can be mitigated by upgrading to 25.1.1
CA26-02 & CA26-03: High Severity Vulnerabilities in Central Password Management
CyberArk has disclosed high severity vulnerabilities affecting Central Password Management in both self-hosted deployments (versions prior to 14.6.3) and Privilege Cloud environments (versions prior to 14.8). Customers should review the security bulletins (CA26-02, CA26-03) to understand their exposure and apply the recommended fixes as soon as possible.
SIA: Support for named instance connections in vaulted SQL Server targets
Secure Infrastructure Access (SIA) now supports connecting to specific SQL Server named instances by specifying the port and instance name when using vaulted credentials. Since enterprises commonly run multiple SQL instances on a single host, this closes a gap that previously made SIA impractical for complex database environments.
SIA: On-premises Windows connections to IP-based targets using ZSP
Secure Infrastructure Access (SIA) now allows users to establish RDP connections to on-prem Windows targets by IP address while maintaining Zero Standing Privileges. This is particularly useful for environments where DNS infrastructure or FQDNs aren’t available, removing a common deployment blocker for extending ZSP coverage across legacy or segmented networks.
