CVE-2026-40141 – BeyondTrust Remote Support
“When authentication breaks before login, attackers don't need an invitation.”
BeyondTrust released security updates for Remote Support and Privileged Remote Access to address multiple Critical and High-severity vulnerabilities. The most severe issues affect the authentication subsystem and could allow unauthenticated attackers to bypass access controls and gain unauthorized access to affected appliances, including privileged accounts, when a specific authentication configuration is enabled. Additional fixes address a pre-authentication denial-of-service vulnerability and an authorization issue that could expose unintended resources to authenticated users with limited privileges.
CVE-2026-40138 has a CVSS score of 9.2, which is Critical severity. CVE-2026-40139 has a CVSS score of 9.2, which is Critical severity. CVE-2026-40140 has a CVSS score of 8.7, which is High severity. CVE-2026-40141 has a CVSS score of 8.5, which is High severity. Verified exploitation has not been reported.
Key Details
- Affected Product
- Beyondtrust Privileged Remote Access
- Attack Vector
- Network
- Attack Complexity
- Low
- Privileges Required
- Low
- User Interaction
- None
- CWE Classification
- CWE-943