Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable web app, low complexity, but requires an authenticated permissioned account (PR:L); injection crosses an authorization boundary (S:C) to disclose data, so C:H with no integrity/availability impact.
Primary rating from Vendor (BT).
CVSS VectorVendor: BT
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.
AnalysisAI
Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows an authenticated, low-privileged attacker to manipulate input parameters and read resources or data beyond their authorization scope. The flaw enables information disclosure across authorization boundaries and, per the vendor's CVSS 4.0 vector, can impact downstream systems. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must hold a valid, authenticated account on the BeyondTrust Remote Support or Privileged Remote Access web application, and that account must possess the specific permissions the advisory notes are required - the vulnerable code path is only reachable by accounts with those permissions. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor CVSS 4.0 base score is 8.5 (High) with vector AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H - network-reachable, low complexity, no user interaction, but requiring low privileges (PR:L). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A third-party vendor or contractor holding a limited BeyondTrust account with the relevant permission crafts malicious query operators inside a web request parameter. Because input is not neutralized before reaching the backend data query (NoSQL injection), the manipulated query returns session records, credentials metadata, or resources belonging to other tenants/scopes. … |
| Remediation | Consult BeyondTrust Security Advisory BT26-03 (https://www.beyondtrust.com/trust-center/security-advisories/bt26-03) and apply the vendor-provided update for the affected Remote Support / Privileged Remote Access appliance version - the exact fixed version is not included in this dataset and should be taken directly from the advisory. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Conduct inventory of all BeyondTrust Remote Support and Privileged Remote Access deployments; disable or restrict access to users not requiring active use. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Remote Support
View allBeyondTrust Remote Support (RS) and older versions of Privileged Remote Access (PRA) contain a critical pre-authenticati
Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which ca
Server-Side Template Injection (SSTI) vulnerability in the chat feature of Citrix Remote Support (RS) and Privileged Rem
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injectio
Authentication bypass in BeyondTrust Remote Support (and the related Privileged Remote Access product) lets an unauthent
Pre-authentication access-control bypass in BeyondTrust Remote Support and Privileged Remote Access appliances lets a ne
Denial-of-service in BeyondTrust Remote Support and Privileged Remote Access appliances lets an unauthenticated remote a
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijac
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacke
Same technique Nosql Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41889
GHSA-v5xx-3hcf-fm67