A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
History

Mon, 06 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support
Vendors & Products Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support

Mon, 06 Jul 2026 16:45:00 +0000

Type Values Removed Values Added
Description A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
Title Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: BT

Published:

Updated: 2026-07-06T16:12:42.627Z

Reserved: 2026-04-09T18:36:13.133Z

Link: CVE-2026-40138

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T17:30:16Z