CVE-2026-40138

BeyondTrust · Remote Support

A pre-authentication vulnerability in the BeyondTrust Remote Support and Privileged Remote Access authentication subsystem allows attackers to bypass access controls.

Executive summary

A critical pre-authentication vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows attackers to bypass security controls and gain unauthorized administrative access.

Vulnerability

This is a pre-authentication vulnerability located within the authentication subsystem. Improper validation of authentication data allows a network-positioned attacker to bypass access controls, provided specific authentication configurations are enabled.

Business impact

Given the central role these products play in privileged access management, the risk of unauthorized access is extreme, reflected by the CVSS score of 9.2. Successful exploitation could allow an attacker to hijack the appliance and gain elevated privileges across the entire managed environment.

Remediation

Immediate Action: Upgrade BeyondTrust Remote Support and Privileged Remote Access to version 26.2.1 or 25.3.3, depending on the current branch, to patch the authentication subsystem.

Proactive Monitoring: Monitor authentication logs for failed and successful logins originating from unusual network paths or during off-hours.

Compensating Controls: Temporarily disable the specific authentication configurations noted in the vendor advisory until the patch can be verified and applied.

Exploitation status

Public Exploit Available: False

Analyst recommendation

BeyondTrust appliances are high-value targets for attackers seeking to move laterally within a network. Organizations must apply the vendor-provided patches immediately to secure these critical privileged access points.