Vulnerability Management

BeyondTrust warns of critical flaws in remote access software

(Credit: monticellllo – stock.adobe.com)

BeyondTrust has issued a warning to its customers regarding two critical security vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. These flaws, if exploited, could grant unauthorized access to sensitive systems and data, with further coverage provided by Bleeping Computer.

The vulnerabilities, tracked as CVE-2026-40138 and CVE-2026-40139, affect specific versions of BeyondTrust's RS and PRA software. CVE-2026-40138 allows unprivileged attackers to bypass access controls and access appliances, including privileged accounts, due to an improper authentication weakness. CVE-2026-40139 enables unauthenticated remote attackers to gain unauthorized access by improperly processing authentication requests. Both require specific authentication configurations to be exploited. BeyondTrust has also addressed two high-severity issues (CVE-2026-40140 and CVE-2026-40141) that could lead to denial-of-service or access to restricted resources.

While BeyondTrust has released patches, nearly 2,000 instances of the software remain exposed online, according to Shadowserver. Past exploitation of BeyondTrust software has been linked to ransomware deployment and state-sponsored espionage campaigns targeting U.S. government agencies.

Source: Bleeping Computer

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds