Skip to main content

BeyondTrust Remote Support CVE-2026-40138

| EUVDEUVD-2026-41886 CRITICAL
Improper Authentication (CWE-287)
2026-07-06 BT GHSA-hcrc-2pw3-4v88
9.2
CVSS 4.0 · Vendor: BT
Share

Severity by source

Vendor (BT) PRIMARY
9.2 CRITICAL
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.1 HIGH

Network pre-auth bypass (AV:N/PR:N/UI:N) but gated by a required non-default auth configuration, so AC:H; full appliance compromise gives C:H/I:H/A:H with unchanged scope.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (BT).

CVSS VectorVendor: BT

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Patch available
Jul 06, 2026 - 18:02 EUVD
CVE Published
Jul 06, 2026 - 17:10 cve.org
CRITICAL 9.2
Analysis Generated
Jul 06, 2026 - 17:02 vuln.today

DescriptionCVE.org

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

AnalysisAI

Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a network-positioned attacker abuse improper authentication-data validation to reach the appliance and take over accounts, including privileged ones. Exploitation only works when a specific authentication configuration is enabled, and success requires overcoming meaningful attack conditions (CVSS 4.0 AC:H/AT:P). …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach appliance auth endpoint over network
Delivery
Identify enabled authentication configuration
Exploit
Submit crafted authentication data
Execution
Bypass improper validation checks
Persist
Gain privileged appliance account
Impact
Pivot to managed privileged systems

Vulnerability AssessmentAI

Exploitation The exploitation prerequisite is explicit: the target appliance must have the specific (non-default) authentication configuration enabled that the advisory references - without that mode active, the bypass does not apply, which is exactly why the CVSS carries AT:P (a present attack requirement) and AC:H. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals partly conflict, so prioritization needs care. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who can reach an internet-facing BeyondTrust RS or PRA appliance that has the vulnerable authentication configuration enabled sends crafted authentication data that the subsystem fails to validate correctly, and is admitted without valid credentials. Because the bypass can yield elevated-privilege accounts, the attacker then leverages the appliance's privileged-access role to pivot toward the internal systems it manages. …
Remediation Apply the fix described in BeyondTrust security advisory BT26-03 (https://www.beyondtrust.com/trust-center/security-advisories/bt26-03); the input does not name an exact fixed version, so treat this as patch available per vendor advisory and update to the vendor-designated patched build once confirmed. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-1731 CRITICAL POC
9.8 Feb 06

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authenticati

CVE-2015-0935 HIGH POC
7.5 May 25

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to

CVE-2024-12356 CRITICAL POC
9.8 Dec 17

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca

CVE-2025-5309 CRITICAL
9.8 Jun 16

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem

CVE-2023-4310 CRITICAL
9.8 Sep 05

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio

CVE-2026-40139 CRITICAL
9.2 Jul 06

Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent

CVE-2026-40140 HIGH
8.7 Jul 06

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a

CVE-2026-40141 HIGH
8.5 Jul 06

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and

CVE-2017-5996 HIGH
7.8 Oct 26

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac

CVE-2024-12686 HIGH
7.2 Dec 18

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke

Share

CVE-2026-40138 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy