Skip to main content

Privilege Remote Access

1 CVEs product

Monthly

CVE-2026-40141 HIGH PATCH NEWS This Week

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows an authenticated, low-privileged attacker to manipulate input parameters and read resources or data beyond their authorization scope. The flaw enables information disclosure across authorization boundaries and, per the vendor's CVSS 4.0 vector, can impact downstream systems. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation is restricted to accounts holding specific permissions.

Nosql Injection Information Disclosure Remote Support Privilege Remote Access
NVD
CVSS 4.0
8.5
EPSS
0.4%
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Improper data-query neutralization (NoSQL injection) in the web application component of BeyondTrust Remote Support and Privileged Remote Access allows an authenticated, low-privileged attacker to manipulate input parameters and read resources or data beyond their authorization scope. The flaw enables information disclosure across authorization boundaries and, per the vendor's CVSS 4.0 vector, can impact downstream systems. No public exploit identified at time of analysis, and it is not listed in CISA KEV; exploitation is restricted to accounts holding specific permissions.

Nosql Injection Information Disclosure Remote Support +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy