- Description
- A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.
- Source
- 13061848-ea10-403d-bd75-c83a022c2891
- NVD status
- Analyzed
- Products
- privileged_remote_access, remote_support
CVSS 4.0
- Type
- Secondary
- Base score
- 9.2
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 13061848-ea10-403d-bd75-c83a022c2891
- CWE-287
- Hype score
- Not currently trending
#BeyondTrust patches four vulnerabilities in Remote Support and PRA: CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable unauthenticated auth bypass including privileged account access. CVE-2026-40140 enables pre-auth DoS; CVE-2026-40141 authenticated authz bypass. #patchrelease
@MeridianEU
9 Jul 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Security Bulletin: Critical BeyondTrust Vulnerabilities (CVE-2026-40138 & CVE-2026-40139) BeyondTrust has released fixes for two critical vulnerabilities affecting Remote Support and Privileged Remote Access. https://t.co/RswNaBGYPA
@RedLegg
7 Jul 2026
60 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
BeyondTrust patched a critical pre-authentication vulnerability (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140). Update Remote Support instances now. #BeyondTrust #Vulnerability #CVE202640138 #CyberSecurity #RemoteSupport https://t.co/kB7l7n2xfP
@Daily_CyberSec
6 Jul 2026
627 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:beyondtrust:privileged_remote_access:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79807D69-2935-4EC4-B34F-3BBFCE1D6EC1",
"versionEndExcluding": "25.3.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:beyondtrust:remote_support:*:*:*:*:*:*:*:*",
"matchCriteriaId": "91823A93-2793-4FA6-AB9B-60E62102AE0E",
"versionEndExcluding": "25.3.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]