BeyondTrust has issued patches for two critical vulnerabilities in its Remote Support and Privileged Remote Access products, which could be exploited by unauthenticated attackers to gain control of vulnerable devices. The most severe flaw, tracked as CVE-2026-40138, carries a CVSS score of 9.2 and exists as a pre-authentication vulnerability, allowing attackers to bypass authentication mechanisms1. This vulnerability significantly expands the active attack surface, making it a high-priority concern for organizations using the affected products. The updates address these flaws, preventing potential takeovers of susceptible devices. Organizations should prioritize patching based on their exposure and evidence of exploitation. The disclosure of CVE-2026-40138 underscores the importance of timely patch management to prevent attackers from seizing control of vulnerable systems. This matters to security practitioners because it highlights the need for prompt action to mitigate the risk of authentication bypass attacks.