Skip to main content

BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access

Advisory addresses 2 critical impact and 2 high impact vulnerabilities

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Advisory addresses 2 critical impact and 2 high impact vulnerabilities


Threat details

Introduction

BeyondTrust has released a security advisory to address 4 vulnerabilities in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments.


Vulnerability details

  • CVE-2026-40138 – Improper Authentication (CWE-287) – CVSS v4 score: 9.2 (critical)
  • CVE-2026-40139 – Improper Authentication (CWE-287) – CVSSv4 score: 9.2 (critical) 
  • CVE-2026-40140 – Uncontrolled Resource Consumption that could lead to a denial-of-service condition – CVSSv4 score: 8.7 (high) 
  • CVE-2026-40141 – Improper Neutralisation of Special Elements in Data Query Logic – CVSSv4 score: 8.5 (high) 

Remediation advice

Affected organisations are encouraged to review the BeyondTrust Security Advisory BT26-03, and apply the relevant updates.



CVE Vulnerabilities

Last edited: 7 July 2026 3:33 pm