CVE-2026-40138
CVE-2026-40138
9.2
CriticalPublished:
Last updated:
Source:13061848-ea10-403d-bd75-c83a022c2891
Analyzed
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Network
- Attack Complexity
- High
- Attack Requirements
- Present
- Privileges Required
- None
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- High
- Availability (Vulnerable)
- High
- Confidentiality (Subsequent)
- None
- Integrity (Subsequent)
- None
- Availability (Subsequent)
- None
Description
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
References
13061848-ea10-403d-bd75-c83a022c2891
https://www.beyondtrust.com/trust-center/security-advisories/bt26-03