Authentication Bypass Vulnerabilities Patched in BeyondTrust Remote Access Products

BeyondTrust released fixes for two critical pre-authentication bypass vulnerabilities in Remote Support and Privileged Remote Access products.

CSBadmin
2 Min Read

Critical Flaws Identified

BeyondTrust has released security updates to address multiple vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) solutions. The most severe flaws, tracked as CVE-2026-40138 and CVE-2026-40139, carry CVSS scores of 9.2 and involve pre-authentication bypass issues. An unauthenticated attacker positioned on the network could exploit these weaknesses to gain unauthorized access to affected appliances, including accounts with elevated privileges.

Two additional vulnerabilities were also patched. CVE-2026-40140 (CVSS 8.7) is a denial-of-service flaw in the network communication subsystem that could allow an unauthenticated remote attacker to crash the appliance. CVE-2026-40141” target=”_blank” rel=”noopener”>CVE-2026-40141 (CVSS 8.5) is an authenticated vulnerability that could let a user with limited privileges access resources beyond their authorized scope.

Remediation and Context

BeyondTrust noted that successful exploitation of the critical authentication bypass flaws depends on a specific authentication configuration being enabled. The company identified all vulnerabilities internally through ongoing security assessments, with some assistance from publicly available AI models and proprietary research tools.

The issues affect Remote Support version 25.3.2 and lower, as well as Privileged Remote Access version 25.3.2 and lower. Updates have been released in versions RS 25.3.3 and PRA 25.3.3. While BeyondTrust has not reported active exploitation of these particular flaws, previous vulnerabilities in these products (CVE-2024-12356 and CVE-2026-1731) have been exploited in the wild to deploy web shells and backdoors, making prompt patching essential.

Source: The Hacker News

CSBadmin

The latest in cybersecurity news and updates.

Share This Article
Follow:
The latest in cybersecurity news and updates.