Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
CVE-2026-40138

9.2CRITICAL

Key Information:

Vendor
CVE Published:
6 July 2026

What is CVE-2026-40138?

A significant pre-authentication vulnerability has been identified in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. This vulnerability arises due to improper validation of authentication data, which could allow an attacker situated within the network to bypass crucial access controls, leading to unauthorized access to the affected appliance. This unauthorized access can include exploitation of accounts with elevated privileges. It’s important to note that for exploitation to occur, a specific authentication configuration must be enabled.

Affected Version(s)

Privileged Remote Access 0 < 26.2.1

Privileged Remote Access 0 < 25.3.3

Remote Support 0 < 26.2.1

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.