Leica Biosystems Remote Service – Product Security Advisory Notification
2026 February 6
CVE-2026-1731
Background
Leica Biosystems has been notified of a critical pre-authentication remote code execution (RCE) vulnerability in BeyondTrust's Remote Support (RS) and Privileged Remote Access (PRA) software.
Leica Biosystems has completed an evaluation of its products for potential impact and determined the following: Remote Services utilizes BeyondTrust Remote Support, which was affected by the identified vulnerability. Only BOND systems with Remote Services enabled were impacted. BeyondTrust applied an automatic patch to remove the vulnerability from the Remote Services cloud instance on 2 February 2026. Leica Biosystems is not aware of any exploitation of this vulnerability within its products. No further action is required on any BOND system to further remediate this vulnerability.
Product Status
| Product | Status Regarding BeyondTrust vulnerability | Recommendations and Comments |
|---|---|---|
| Aperio AT2 (DX) | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio CS2 | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio eSlide Manager | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio GT 450 (DX) | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio ImageScope (DX) | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio LV1 | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio Scanner Administration Manager (SAM) Server for GT 450 (DX) | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio VERSA | Not Vulnerable | BeyondTrust's software is not present. |
| Aperio WebViewer DX | Not Vulnerable | BeyondTrust's software is not present. |
| BOND-ADVANCE, BOND Controller | Not Vulnerable | BeyondTrust's software is not present. |
| BOND-III | Not Vulnerable | BeyondTrust's software is not present. |
| BOND-MAX | Not Vulnerable | BeyondTrust's software is not present. |
| BOND-PRIME | Not Vulnerable | BeyondTrust's software is not present. |
| BOND RX, BOND RXm | Not Vulnerable | BeyondTrust's software is not present. |
| CEREBRO | Not Vulnerable | BeyondTrust's software is not present. |
| CytoVision | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore Arcadia C | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore Arcadia H | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore PEARL | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore PEGASUS (PLUS) | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore PELORIS 3 | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore SPECTRA CV | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore SPECTRA ST | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore SPIRIT ST | Not Vulnerable | BeyondTrust's software is not present. |
| HistoCore SPRING ST | Not Vulnerable | BeyondTrust's software is not present. |
| Leica ASP200 (S), Leica ASP300 (S) |
Not Vulnerable | BeyondTrust's software is not present. |
| Leica ASP6025 (S) | Not Vulnerable | BeyondTrust's software is not present. |
| Leica CV5030 | Not Vulnerable | BeyondTrust's software is not present. |
| Leica IP C | Not Vulnerable | BeyondTrust's software is not present. |
| Leica IP S | Not Vulnerable | BeyondTrust's software is not present. |
| Leica ST4020 | Not Vulnerable | BeyondTrust's software is not present. |
| Leica ST5010 | Not Vulnerable | BeyondTrust's software is not present. |
| Leica ST5020 | Not Vulnerable | BeyondTrust's software is not present. |
| Leica TP1020 | Not Vulnerable | BeyondTrust's software is not present. |
| PELORIS, PELORIS II | Not Vulnerable | BeyondTrust's software is not present. |
| Remote Service Software | Potentially Vulnerable | Required security patches addressing CVE-2026-1731 were installed on all applicable BeyondTrust (BT) Remote Support and Privileged Remote Access instances. This vulnerability was remediated through BeyondTrust Patch BT26‑02, ensuring that the Remote Services environment remained secure and compliant. |
| LIS Connect | Not Vulnerable | BeyondTrust's software is not present. |
| PathDX | Not Vulnerable | BeyondTrust's software is not present. |
| ThermoBrite Elite | Not Vulnerable | BeyondTrust's software is not present. |