BeyondTrust Releases Security Advisory for Remote Support & Privileged Remote Access
Advisory addresses 2 critical impact and 2 high impact vulnerabilities
Summary
Advisory addresses 2 critical impact and 2 high impact vulnerabilities
Affected platforms
The following platforms are known to be affected:
Threat details
Introduction
BeyondTrust has released a security advisory to address 4 vulnerabilities in the Remote Support and Privileged Remote Access systems. Remote Support allows authorised individuals such as IT Helpdesk staff to connect to remote systems. Privileged Remote Access facilitates just-in-time secure access to enterprise environments.
Vulnerability details
- CVE-2026-40138 – Improper Authentication (CWE-287) – CVSS v4 score: 9.2 (critical)
- CVE-2026-40139 – Improper Authentication (CWE-287) – CVSSv4 score: 9.2 (critical)
- CVE-2026-40140 – Uncontrolled Resource Consumption that could lead to a denial-of-service condition – CVSSv4 score: 8.7 (high)
- CVE-2026-40141 – Improper Neutralisation of Special Elements in Data Query Logic – CVSSv4 score: 8.5 (high)
Remediation advice
Affected organisations are encouraged to review the BeyondTrust Security Advisory BT26-03, and apply the relevant updates.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 7 July 2026 3:33 pm