CVE-2026-40141
BeyondTrust · Remote Support and Privileged Remote Access
A vulnerability in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows authenticated users to exploit improper neutralization of data query logic.
Executive summary
An authenticated vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows attackers with low-level access to potentially compromise data and system integrity.
Vulnerability
This vulnerability (CWE-943) involves improper neutralization of special elements in data query logic within a web application component. Exploitation requires the attacker to have at least low-level authenticated access to the system.
Business impact
The CVSS score of 8.5 reflects the potential for unauthorized data access and integrity compromise. By manipulating query logic, an attacker could potentially extract sensitive information or alter system states, undermining the security of the privileged access management environment and posing a significant reputational and operational risk.
Remediation
Immediate Action: Apply vendor security updates to version 26.2.1, 25.3.3, or later as specified in the vendor advisory (BT26-03).
Proactive Monitoring: Review access logs for unusual queries or unexpected database interactions originating from authenticated user accounts.
Compensating Controls: Enforce the principle of least privilege for user accounts to limit the potential impact of an authenticated attacker, and utilize WAF rules to detect SQL-injection-style patterns in web requests.
Exploitation status
Public Exploit Available: false
Analyst recommendation
While this vulnerability requires authentication, the impact on a privileged access management system is severe. Administrators must prioritize updating these systems to the latest version to prevent unauthorized data access or manipulation by compromised or malicious user accounts.