Skip to main content

Leica Biosystems Remote Service – Product Security Advisory Notification

2026 February 6
CVE-2026-1731

Background
Leica Biosystems has been notified of a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust's Remote Support (RS) and Privileged Remote Access (PRA) software.

Leica Biosystems has completed an evaluation of its products for potential impact and determined the following: Remote Services utilizes BeyondTrust Remote Support, which was affected by the identified vulnerability. Only BOND systems with Remote Services enabled were impacted. BeyondTrust applied an automatic patch to remove the vulnerability from the Remote Services cloud instance on 2 February 2026. Leica Biosystems is not aware of any exploitation of this vulnerability within its products. No further action is required on any BOND system to further remediate this vulnerability.

Product Status

Product Status Regarding BeyondTrust vulnerability Recommendations and Comments
Aperio AT2 (DX) Not Vulnerable BeyondTrust's software is not present.
Aperio CS2 Not Vulnerable BeyondTrust's software is not present.
Aperio eSlide Manager Not Vulnerable BeyondTrust's software is not present.
Aperio GT 450 (DX) Not Vulnerable BeyondTrust's software is not present.
Aperio ImageScope (DX) Not Vulnerable BeyondTrust's software is not present.
Aperio LV1 Not Vulnerable BeyondTrust's software is not present.
Aperio Scanner Administration Manager (SAM) Server for GT 450 (DX) Not Vulnerable BeyondTrust's software is not present.
Aperio VERSA Not Vulnerable BeyondTrust's software is not present.
Aperio WebViewer DX Not Vulnerable BeyondTrust's software is not present.
BOND-ADVANCE, BOND Controller Not Vulnerable BeyondTrust's software is not present.
BOND-III Not Vulnerable BeyondTrust's software is not present.
BOND-MAX Not Vulnerable BeyondTrust's software is not present.
BOND-PRIME Not Vulnerable BeyondTrust's software is not present.
BOND RX, BOND RXm Not Vulnerable BeyondTrust's software is not present.
CEREBRO Not Vulnerable BeyondTrust's software is not present.
CytoVision Not Vulnerable BeyondTrust's software is not present.
HistoCore Arcadia C Not Vulnerable BeyondTrust's software is not present.
HistoCore Arcadia H Not Vulnerable BeyondTrust's software is not present.
HistoCore PEARL Not Vulnerable BeyondTrust's software is not present.
HistoCore PEGASUS (PLUS) Not Vulnerable BeyondTrust's software is not present.
HistoCore PELORIS 3 Not Vulnerable BeyondTrust's software is not present.
HistoCore SPECTRA CV Not Vulnerable BeyondTrust's software is not present.
HistoCore SPECTRA ST Not Vulnerable BeyondTrust's software is not present.
HistoCore SPIRIT ST Not Vulnerable BeyondTrust's software is not present.
HistoCore SPRING ST Not Vulnerable BeyondTrust's software is not present.
Leica ASP200 (S),
Leica ASP300 (S)
Not Vulnerable BeyondTrust's software is not present.
Leica ASP6025 (S) Not Vulnerable BeyondTrust's software is not present.
Leica CV5030 Not Vulnerable BeyondTrust's software is not present.
Leica IP C Not Vulnerable BeyondTrust's software is not present.
Leica IP S Not Vulnerable BeyondTrust's software is not present.
Leica ST4020 Not Vulnerable BeyondTrust's software is not present.
Leica ST5010 Not Vulnerable BeyondTrust's software is not present.
Leica ST5020 Not Vulnerable BeyondTrust's software is not present.
Leica TP1020 Not Vulnerable BeyondTrust's software is not present.
PELORIS, PELORIS II Not Vulnerable BeyondTrust's software is not present.
Remote Service Software Potentially Vulnerable Required security patches addressing CVE-2026-1731 
were installed on all applicable BeyondTrust (BT) Remote Support and Privileged Remote Access instances. This vulnerability was remediated through BeyondTrust Patch BT26‑02, ensuring that the Remote Services environment remained secure and compliant.
LIS Connect Not Vulnerable BeyondTrust's software is not present.
PathDX Not Vulnerable BeyondTrust's software is not present.
ThermoBrite Elite Not Vulnerable BeyondTrust's software is not present.