{"id":240392,"date":"2026-07-07T07:16:38","date_gmt":"2026-07-07T12:16:38","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/07\/beyondtrust-warns-of-critical-flaws-in-remote-access-software"},"modified":"2026-07-07T07:16:38","modified_gmt":"2026-07-07T12:16:38","slug":"beyondtrust-warns-of-critical-flaws-in-remote-access-software","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/07\/beyondtrust-warns-of-critical-flaws-in-remote-access-software","title":{"rendered":"BeyondTrust warns of critical flaws in remote access software"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/beyondtrust-warns-of-critical-flaws-in-remote-access-software.jpg\"><\/a><\/p>\n<p>BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication.<\/p>\n<p>The first vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-40138\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201340138<\/a>, affects the company\u2019s RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or earlier). This vulnerability stems from an improper authentication weakness in the authentication subsystem, and successful exploitation enables attackers without privileges to bypass access controls and access targeted appliances, including accounts with elevated privileges.<\/p>\n<p>The second one (<a href=\"http:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-40139\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201340139<\/a>) patched this week stems from improper processing of BeyondTrust RS authentication requests, enabling unauthenticated remote attackers to gain unauthorized access to vulnerable instances.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>BeyondTrust warned customers to patch two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication. The first vulnerability, tracked as CVE-2026\u201340138, affects the company\u2019s RS remote desktop and assistance platform (versions 25.3.2 or earlier) and the PRA enterprise cybersecurity solution (versions 25.3.2 or [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-240392","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240392","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=240392"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/240392\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=240392"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=240392"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=240392"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}