← All stories
● Covered by 1 source · 1 reportHigh impact

BeyondTrust Patches Critical Authentication Vulnerabilities in Remote Support Products

Aggregated by BrevFeed security · updated 2h ago
🔖 Save

BeyondTrust released patches for critical vulnerabilities in its Remote Support and Privileged Remote Access products. Exploitation could allow attackers to gain unauthorized access and control over devices, posing significant security risks.

Key points

Overview of Vulnerabilities

BeyondTrust has identified and patched critical vulnerabilities in its Remote Support and Privileged Remote Access products. These vulnerabilities, if exploited, could allow unauthenticated attackers to take control of affected devices.

Details of the Vulnerabilities

The vulnerabilities include CVE-2026-40138 and CVE-2026-40139, both with a CVSS score of 9.2, which enable pre-authentication bypassing of access controls. CVE-2026-40140, rated at 8.7, can lead to denial-of-service conditions. CVE-2026-40141, with a score of 8.5, allows limited access to unintended resources under specific conditions.

Conditions for Exploitation

Successful exploitation of CVE-2026-40138 and CVE-2026-40139 requires specific authentication configurations. CVE-2026-40141 is limited to authenticated users with specific permission levels.

Source of Vulnerabilities

BeyondTrust discovered these vulnerabilities through ongoing security assessments, utilizing both proprietary tools and publicly available AI models, such as Anthropic Claude Opus 4.8. The company emphasizes the urgency of applying the patches due to the potential severity of the threats.

✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →

Primary sources

CVE CVE-2026-401389.2 CRITICAL CVE CVE-2026-401399.2 CRITICAL CVE CVE-2026-401408.7 HIGH CVE CVE-2026-401418.5 HIGH CVE CVE-2024-123569.8 CRITICAL CVE CVE-2026-17319.8 CRITICAL

Reporting from

BeyondTrust released patches for critical vulnerabilities in its Remote Support and Privileged Remote Access products. Exploitation could allow attackers to gain unauthorized access and control over devices, posing significant security risks.