BeyondTrust has issued patches for two critical vulnerabilities in its Remote Support and Privileged Remote Access products, which could be exploited by unauthenticated attackers to gain control of vulnerable devices. The most severe flaw, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and exists as a pre-authentication vulnerability, allowing attackers to bypass authentication mechanisms1. This vulnerability significantly expands the active attack surface, making it a high-priority concern for organizations using the affected products. The updates address these flaws, preventing potential takeovers of susceptible devices. Organizations should prioritize patching based on their exposure and evidence of exploitation. The disclosure of CVE-2026-40138 underscores the importance of timely patch management to prevent attackers from seizing control of vulnerable systems. This matters to security practitioners because it highlights the need for prompt action to mitigate the risk of authentication bypass attacks.
BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
⚠️ Critical Alert
Why This Matters
CVE-2026-40138 disclosure expands the active attack surface — prioritize based on your exposure and exploitation evidence.
References
- The Hacker News. (2026, July 7). BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA. *The Hacker News*. https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html
Original Source
The Hacker News
Read original →