
BeyondTrust Patches Critical Authentication Bypass Vulnerabilities in Remote Support Products
CybersecurityVulnerabilitiesAuthenticationEnterpriseSecurity
BeyondTrust released security updates to address two critical authentication bypass vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products. The flaws, if exploited, could allow unauthenticated attackers to gain control of affected devices. One of the vulnerabilities is identified as CVE-2026-40138 with a CVSS score of 9.2, classified as a pre-authentication issue. The patches were issued to mitigate the risks, though no specific exploitation attempts or public disclosure dates were mentioned. The affected products are enterprise remote access and support solutions. No additional technical details about the second vulnerability were provided in the available content.