Skip to main content

BeyondTrust Remote Support CVE-2026-40141

| EUVDEUVD-2026-41889 HIGH
Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
2026-07-06 BT GHSA-v5xx-3hcf-fm67
8.5
CVSS 4.0 · Vendor: BT
Share

Severity by source

Vendor (BT) PRIMARY
8.5 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
7.7 HIGH

Network-reachable web app, low complexity, but requires an authenticated permissioned account (PR:L); injection crosses an authorization boundary (S:C) to disclose data, so C:H with no integrity/availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Primary rating from Vendor (BT).

CVSS VectorVendor: BT

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Patch available
Jul 06, 2026 - 18:02 EUVD
Analysis Generated
Jul 06, 2026 - 17:07 vuln.today

DescriptionCVE.org

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.

AnalysisAI

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows an authenticated, low-privileged attacker to manipulate input parameters and read resources or data beyond their authorization scope. The flaw enables information disclosure across authorization boundaries and, per the vendor's CVSS 4.0 vector, can impact downstream systems. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate with low-privileged account
Delivery
Identify vulnerable input parameter
Exploit
Inject crafted NoSQL query operators
Execution
Bypass authorization scope
Impact
Exfiltrate unintended resources or data

Vulnerability AssessmentAI

Exploitation The attacker must hold a valid, authenticated account on the BeyondTrust Remote Support or Privileged Remote Access web application, and that account must possess the specific permissions the advisory notes are required - the vulnerable code path is only reachable by accounts with those permissions. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The vendor CVSS 4.0 base score is 8.5 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H - network-reachable, low complexity, no user interaction, but requiring low privileges (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A third-party vendor or contractor holding a limited BeyondTrust account with the relevant permission crafts malicious query operators inside a web request parameter. Because input is not neutralized before reaching the backend data query (NoSQL injection), the manipulated query returns session records, credentials metadata, or resources belonging to other tenants/scopes. …
Remediation Consult BeyondTrust Security Advisory BT26-03 (https://www.beyondtrust.com/trust-center/security-advisories/bt26-03) and apply the vendor-provided update for the affected Remote Support / Privileged Remote Access appliance version - the exact fixed version is not included in this dataset and should be taken directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Conduct inventory of all BeyondTrust Remote Support and Privileged Remote Access deployments; disable or restrict access to users not requiring active use. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-1731 CRITICAL POC
9.8 Feb 06

BeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authenticati

CVE-2015-0935 HIGH POC
7.5 May 25

Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to

CVE-2024-12356 CRITICAL POC
9.8 Dec 17

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca

CVE-2025-5309 CRITICAL
9.8 Jun 16

Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem

CVE-2023-4310 CRITICAL
9.8 Sep 05

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio

CVE-2026-40139 CRITICAL
9.2 Jul 06

Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent

CVE-2026-40138 CRITICAL
9.2 Jul 06

Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne

CVE-2026-40140 HIGH
8.7 Jul 06

Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a

CVE-2017-5996 HIGH
7.8 Oct 26

The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac

CVE-2024-12686 HIGH
7.2 Dec 18

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke

Share

CVE-2026-40141 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy