EXECUTIVE SUMMARY:
Four security vulnerabilities have been identified in BeyondTrust Remote Support and Privileged Remote Access products. These flaws include pre-authentication access control bypass, denial-of-service, and improper input validation issues. Since these appliances are trusted to manage sensitive environments, the business impact is severe. Successful exploitation could enable attackers to hijack privileged accounts, breach internal networks, and cause significant service disruption. Organizations face substantial risks regarding data confidentiality and system integrity, necessitating prompt evaluation to prevent unauthorized system compromise.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY:
Four security vulnerabilities have been identified in BeyondTrust Remote Support and Privileged Remote Access products. These flaws include pre-authentication access control bypass, denial-of-service, and improper input validation issues. Since these appliances are trusted to manage sensitive environments, the business impact is severe. Successful exploitation could enable attackers to hijack privileged accounts, breach internal networks, and cause significant service disruption. Organizations face substantial risks regarding data confidentiality and system integrity, necessitating prompt evaluation to prevent unauthorized system compromise.[emaillocker id="1283"]
CVE-2026-40138 with a CVSS score of 9.2 – This vulnerability stems from improper authentication validation, allowing unauthenticated attackers to send malformed requests and bypass access controls to gain unauthorized access.
CVE-2026-40139 with a CVSS score of 9.2 – This flaw results from improper authentication validation that permits unauthenticated remote attackers to bypass access controls when specific configurations are active.
CVE-2026-40140 with a CVSS score of 8.7 – This vulnerability involves insufficient client input validation that enables unauthenticated attackers to trigger uncontrolled resource consumption and cause a denial of service.
CVE-2026-40141 with a CVSS score of 8.5 – This flaw allows authenticated users with specific permissions to access unintended resources due to improper neutralization of special elements in data query logic.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/cve-2026-40138-beyondtrust-pre-authentication-vulnerability/