Home

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

PUBLISHED Reserved 2026-04-09 | Published 2026-07-06 | Updated 2026-07-07 | Assigner BT




CRITICAL: 9.2CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-287 Improper Authentication

Product status

Default status
unaffected

Any version
affected

Default status
unaffected

Any version
affected

References

www.beyondtrust.com/trust-center/security-advisories/bt26-03

cve.org (CVE-2026-40138)

nvd.nist.gov (CVE-2026-40138)

Download JSON