{"id":286658,"date":"2026-07-07T01:16:00","date_gmt":"2026-07-07T05:16:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/beyondtrust-patches-critical-auth-bypass-flaws-in-remote-support-and-pra\/"},"modified":"2026-07-07T05:05:09","modified_gmt":"2026-07-07T09:05:09","slug":"beyondtrust-patches-critical-auth-bypass-flaws-in-remote-support-and-pra","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/07\/07\/beyondtrust-patches-critical-auth-bypass-flaws-in-remote-support-and-pra\/","title":{"rendered":"BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/beyondtrust-patches-critical-auth.html\">BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/beyondtrust-patches-critical-auth.html\">https:\/\/thehackernews.com\/2026\/07\/beyondtrust-patches-critical-auth.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-07-07 01:16:00<\/a><\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\">\ue804<span class=\"author\">Ravie Lakshmanan<\/span>\ue802<span class=\"author\">Jul 07, 2026<\/span><\/span><span class=\"p-tags\">Vulnerability \/ Enterprise Security<\/span><\/p>\n<p>BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices.<\/p>\n<p>The vulnerabilities are listed below &#8211;<\/p>\n<ul>\n<li>CVE-2026-40138 (CVSS score: 9.2) &#8211; A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access stemming from improper validation of authentication data that could allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges.<\/li>\n<li>CVE-2026-40139 (CVSS score: 9.2) &#8211; A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support stemming from improper processing of authentication requests that could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges.<\/li>\n<li>CVE-2026-40140 (CVSS score: 8.7) &#8211; A pre-authentication vulnerability in the network communication subsystem stemming from insufficient validation of client-supplied input that could allow an unauthenticated remote attacker to trigger a denial-of-service condition, affecting appliance availability.<\/li>\n<li>CVE-2026-40141 (CVSS score: 8.5) &#8211; A vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access stemming from insufficient validation of user-supplied input that could allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope.<\/li>\n<\/ul>\n<p>It&#8217;s worth noting that the successful exploitation of CVE-2026-40138 and CVE-2026-40139 hinges on a specific authentication configuration being enabled. In the case of CVE-2026-40141, exploitation, should it&#8230;<\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/07\/beyondtrust-patches-critical-auth.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA https:\/\/thehackernews.com\/2026\/07\/beyondtrust-patches-critical-auth.html Publish Date: 2026-07-07&#8230;<\/p>\n","protected":false},"author":1,"featured_media":286659,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEim5I3ndx1DHNKSznD7AT_CM4ApiaXDfZcQAwsCSDnHq7u8dkGcOzway-IBZJ44bFJintaRMSry4yHbaacESRFOJsRC_UBV6N9l_K4ICcqWsZ2E4zQ5BGibAkxjxm0qPYiiLEvAvDizmPZVYwXC6jN9pgB5G-3xZ9ifiEWisKsZoi9rBjJN1mepJjPl61s9\/s1600\/bt.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-286658","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286658"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=286658"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286658\/revisions"}],"predecessor-version":[{"id":286660,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/286658\/revisions\/286660"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/286659"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=286658"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=286658"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=286658"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}