Multiple Vulnerabilities in BeyondTrust Products
9 July 2026
Attackers can exploit multiple vulnerabilities in BeyondTrust's Remote Support and Privileged Remote Access products to bypass access controls and gain unauthorised access, cause a denial of service, or access unintended resources. Patch immediately.
Background
BeyondTrust has released security updates to address multiple vulnerabilities (CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, and CVE-2026-40141) affecting their secure remote access products, BeyondTrust Remote Support and BeyondTrust Privileged Remote Access. The vulnerabilities have Common Vulnerability Scoring System (CVSSv3.1) scores of: CVE-2026-40138 at 8.1, CVE-2026-40139 at 9.8, CVE-2026-40140 at 7.5, and CVE-2026-40141 at 9.9, out of 10.
Impact
Successful exploitation of these vulnerabilities could allow an unauthenticated attacker to bypass access controls and gain unauthorised access to the appliance under specific configurations, trigger a denial-of-service condition, or an authenticated attacker with limited privileges to access unintended resources or data beyond their authorisation scope.
Affected Products
These vulnerabilities affect the following products:
BeyondTrust Remote Support versions before 25.3.3
BeyondTrust Privileged Remote Access versions before 25.3.3
Recommendations
Users and administrators of affected products are advised to update to the latest versions immediately.
References
https://www.beyondtrust.com/trust-center/security-advisories/bt26-03
https://nvd.nist.gov/vuln/detail/CVE-2026-40138
https://nvd.nist.gov/vuln/detail/CVE-2026-40139
