BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
Overview
BeyondTrust has issued urgent updates to fix two serious vulnerabilities in its Remote Support and Privileged Remote Access products. These flaws, identified as CVE-2026-40138 and another unnamed vulnerability, could allow attackers to gain control over affected devices without needing authentication. The vulnerabilities score a high 9.2 on the CVSS scale, indicating their severity. Users of BeyondTrust's Remote Support and PRA should prioritize applying these updates to mitigate the risk of unauthorized access. With the potential for exploitation, this situation underscores the importance of timely patch management in maintaining security.
Key Takeaways
- Affected Systems: BeyondTrust Remote Support, BeyondTrust Privileged Remote Access
- Action Required: Users should apply the latest updates released by BeyondTrust to address the vulnerabilities.
- Timeline: Newly disclosed
Original Article Summary
BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices. The vulnerabilities are listed below - CVE-2026-40138 (CVSS score: 9.2) - A pre-authentication vulnerability exists in the
Impact
BeyondTrust Remote Support, BeyondTrust Privileged Remote Access
Exploitation Status
The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.
Timeline
Newly disclosed
Remediation
Users should apply the latest updates released by BeyondTrust to address the vulnerabilities. Specific patch numbers or version details were not provided in the article.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.
Related Topics: This incident relates to CVE, Vulnerability, Patch, and 1 more.