Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
CVE-2026-40138
9.2CRITICAL
What is CVE-2026-40138?
A significant pre-authentication vulnerability has been identified in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. This vulnerability arises due to improper validation of authentication data, which could allow an attacker situated within the network to bypass crucial access controls, leading to unauthorized access to the affected appliance. This unauthorized access can include exploitation of accounts with elevated privileges. It’s important to note that for exploitation to occur, a specific authentication configuration must be enabled.
Affected Version(s)
Privileged Remote Access 0 < 26.2.1
Privileged Remote Access 0 < 25.3.3
Remote Support 0 < 26.2.1
