CVE-2026-40138
BeyondTrust · Remote Support
A pre-authentication vulnerability in the BeyondTrust Remote Support and Privileged Remote Access authentication subsystem allows attackers to bypass access controls.
Executive summary
A critical pre-authentication vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows attackers to bypass security controls and gain unauthorized administrative access.
Vulnerability
This is a pre-authentication vulnerability located within the authentication subsystem. Improper validation of authentication data allows a network-positioned attacker to bypass access controls, provided specific authentication configurations are enabled.
Business impact
Given the central role these products play in privileged access management, the risk of unauthorized access is extreme, reflected by the CVSS score of 9.2. Successful exploitation could allow an attacker to hijack the appliance and gain elevated privileges across the entire managed environment.
Remediation
Immediate Action: Upgrade BeyondTrust Remote Support and Privileged Remote Access to version 26.2.1 or 25.3.3, depending on the current branch, to patch the authentication subsystem.
Proactive Monitoring: Monitor authentication logs for failed and successful logins originating from unusual network paths or during off-hours.
Compensating Controls: Temporarily disable the specific authentication configurations noted in the vendor advisory until the patch can be verified and applied.
Exploitation status
Public Exploit Available: False
Analyst recommendation
BeyondTrust appliances are high-value targets for attackers seeking to move laterally within a network. Organizations must apply the vendor-provided patches immediately to secure these critical privileged access points.