BeyondTrust released patches for critical vulnerabilities in its Remote Support and Privileged Remote Access products. Exploitation could allow attackers to gain unauthorized access and control over devices, posing significant security risks.
BeyondTrust has identified and patched critical vulnerabilities in its Remote Support and Privileged Remote Access products. These vulnerabilities, if exploited, could allow unauthenticated attackers to take control of affected devices.
The vulnerabilities include CVE-2026-40138 and CVE-2026-40139, both with a CVSS score of 9.2, which enable pre-authentication bypassing of access controls. CVE-2026-40140, rated at 8.7, can lead to denial-of-service conditions. CVE-2026-40141, with a score of 8.5, allows limited access to unintended resources under specific conditions.
Successful exploitation of CVE-2026-40138 and CVE-2026-40139 requires specific authentication configurations. CVE-2026-40141 is limited to authenticated users with specific permission levels.
BeyondTrust discovered these vulnerabilities through ongoing security assessments, utilizing both proprietary tools and publicly available AI models, such as Anthropic Claude Opus 4.8. The company emphasizes the urgency of applying the patches due to the potential severity of the threats.
✨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors — check the original sources. How BrevFeed works →
BeyondTrust released patches for critical vulnerabilities in its Remote Support and Privileged Remote Access products. Exploitation could allow attackers to gain unauthorized access and control over devices, posing significant security risks.