Authentication Bypass Vulnerability in BeyondTrust Remote Support
CVE-2026-40139

9.2CRITICAL

Key Information:

Vendor
CVE Published:
6 July 2026

What is CVE-2026-40139?

A significant vulnerability exists in the authentication subsystem of BeyondTrust Remote Support, allowing for improper handling of authentication requests. This flaw can enable an unauthenticated remote attacker to bypass established access controls, potentially granting unauthorized access to sensitive areas of the appliance, including high-privilege accounts. Successful exploitation is contingent upon specific authentication configuration settings being enabled.

Affected Version(s)

Privileged Remote Access 0 < 26.2.1

Privileged Remote Access 0 < 25.3.3

Remote Support 0 < 26.2.1

References

CVSS V4

Score:
9.2
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.