CVE-2026-40141

BeyondTrust · Remote Support and Privileged Remote Access

A vulnerability in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows authenticated users to exploit improper neutralization of data query logic.

Executive summary

An authenticated vulnerability in BeyondTrust Remote Support and Privileged Remote Access allows attackers with low-level access to potentially compromise data and system integrity.

Vulnerability

This vulnerability (CWE-943) involves improper neutralization of special elements in data query logic within a web application component. Exploitation requires the attacker to have at least low-level authenticated access to the system.

Business impact

The CVSS score of 8.5 reflects the potential for unauthorized data access and integrity compromise. By manipulating query logic, an attacker could potentially extract sensitive information or alter system states, undermining the security of the privileged access management environment and posing a significant reputational and operational risk.

Remediation

Immediate Action: Apply vendor security updates to version 26.2.1, 25.3.3, or later as specified in the vendor advisory (BT26-03).

Proactive Monitoring: Review access logs for unusual queries or unexpected database interactions originating from authenticated user accounts.

Compensating Controls: Enforce the principle of least privilege for user accounts to limit the potential impact of an authenticated attacker, and utilize WAF rules to detect SQL-injection-style patterns in web requests.

Exploitation status

Public Exploit Available: false

Analyst recommendation

While this vulnerability requires authentication, the impact on a privileged access management system is severe. Administrators must prioritize updating these systems to the latest version to prevent unauthorized data access or manipulation by compromised or malicious user accounts.