Description
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
Published: 2026-07-06
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support
Vendors & Products Beyondtrust
Beyondtrust privileged Remote Access
Beyondtrust remote Support

Mon, 06 Jul 2026 16:45:00 +0000

Type Values Removed Values Added
Description A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
Title Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
Weaknesses CWE-287
References
Metrics cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


Subscriptions

Beyondtrust Privileged Remote Access Remote Support
cve-icon MITRE

Status: PUBLISHED

Assigner: BT

Published:

Updated: 2026-07-06T16:12:42.627Z

Reserved: 2026-04-09T18:36:13.133Z

Link: CVE-2026-40138

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-06T17:30:16Z

Weaknesses