BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Critical BeyondTrust bugs allow unauthenticated device takeover

BeyondTrust issues patches for four critical pre-authentication vulnerabilities in Remote Support and Privileged Remote Access

  • BeyondTrust disclosed four pre-authentication vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products.
  • Two critical flaws (CVE-2026-40138 and CVE-2026-40139), each carrying a CVSS score of 9.2, could let unauthenticated attackers bypass access controls and gain elevated privileges.
  • Additional vulnerabilities include a denial-of-service flaw (CVE-2026-40140, CVSS 8.7) and an authenticated privilege escalation bug (CVE-2026-40141, CVSS 8.5).
  • BeyondTrust has released patched versions (RS 25.3.3 and PRA 25.3.3) and urges immediate updates, citing past exploitation of similar flaws.

On July 7, 2026, BeyondTrust released urgent security updates to patch four critical vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products, warning that the most severe flaws could allow unauthenticated attackers to seize control of susceptible appliances. The two most critical issues, CVE-2026-40138 and CVE-2026-40139, both carry a CVSS score of 9.2 and stem from improper validation of authentication data, enabling a network-positioned attacker to bypass access controls and gain elevated privileges.

- Advertisement -

However, successful exploitation of these two critical flaws depends on a specific authentication configuration being enabled on the appliance. Meanwhile, the CVE-2026-40140 vulnerability (CVSS 8.7) is a pre-authentication denial-of-service issue caused by insufficient validation of client-supplied input, which could disrupt appliance availability. Additionally, CVE-2026-40141 (CVSS 8.5) is a privilege escalation flaw that, upon exploitation, is restricted to accounts with specific permissions.

BeyondTrust identified all four vulnerabilities internally during ongoing security assessments, with assistance from publicly available artificial intelligence models like Anthropic Claude Opus 4.8 and its own proprietary research tooling. The company stated, “The most severe vulnerabilities may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance under specific configurations.”

Consequently, BeyondTrust has addressed the issues in versions RS 25.3.3 and PRA 25.3.3 and above. Though no exploitation in the wild has been reported, the company emphasized that similar security flaws in RS and PRA products have been repeatedly exploited in the past to deploy web shells and backdoors, making it essential for users to apply fixes immediately.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Semiconductors Beat Big Tech, Crypto by 102% in H1

Semiconductor stocks surged 102% in H1 2026, crushing the Magnificent Seven and Bitcoin ...

Crypto Options Skew Hits Record High as Institutional Bid Vanishes

CME futures open interest has dropped to a 32-month low, signaling the institutional bid...

SpaceX Joins Nasdaq-100, Triggering ETF Demand

SpaceX joins the Nasdaq-100 on Tuesday, but its index weight is limited to roughly...

Strategy’s $216M Bitcoin Sale Bolsters BTC and STRC Confidence

Strategy sold 3,588 BTC ($216 million) on Monday to fund preferred stock dividend payments...

Yield Guild Games shuts YGG Play, cuts 35 jobs, pivots to AI

Yield Guild Games is shutting down its crypto game publishing arm, YGG Play, and...

Must Read

What Is a Sim Swap Hack?

You've likely heard the term 'sim-swap,' but do you really know what it means? It's a type of fraud that's rapidly increasing, where scammers...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading