Toggle light / dark theme

BeyondTrust warns of critical flaws in remote access software

BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication.

The first vulnerability, tracked as CVE-2026–40138, affects the company’s RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). This vulnerability stems from an improper authentication weakness in the authentication subsystem, and successful exploitation enables attackers without privileges to bypass access controls and access targeted appliances, including accounts with elevated privileges.

The second one (CVE-2026–40139) patched this week stems from improper processing of BeyondTrust RS authentication requests, enabling unauthenticated remote attackers to gain unauthorized access to vulnerable instances.

Leave a Comment

Lifeboat Foundation respects your privacy! Your email address will not be published.

/* */