41 matches found
CVE-2026-40139
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
EUVD-2026-41889
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141
Technical details (affected product versions, root cause, fixes) are not publicly available in the provided documents; monitor for updates.
CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...
EUVD-2026-41888
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...
CVE-2026-40140
BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...
CVE-2026-40139 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
EUVD-2026-41887
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
CVE-2026-40139
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts...
CVE-2026-40139
BeyondTrust Remote Support authentication subsystem contains a critical pre-authentication vulnerability (CVE-2026-40139). Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including...
CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-40138
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...
CVE-2026-40138
CVE-2026-40138 is a critical pre-authentication vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. The underlying issue is improper validation of authentication data, which could let a network-positioned attacker bypass access controls and ga...
Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access
CVE-2026-1731 — BeyondTrust Remote Support & PRA Pre-auth RCE...
BeyondTrust Flaw Used for Web Shells, Backdoors, and Data Exfiltration
Threat actors have been observed exploiting a recently disclosed critical security flaw impacting BeyondTrust Remote Support RS and Privileged Remote Access PRA products to conduct a wide range of malicious actions, including deploying VShell and Spark RAT. The vulnerability, tracked as...
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support RS and Privileged Remote Access PRA products, according to watchTowr. "Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan...
BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability
BeyondTrust Remote Support RS and Privileged Remote Access PRAcontain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no...
Exploit for CVE-2026-1731
CVE-2026-1731 BeyondTrust Remote Support Pre-Auth RCE PoC...
BeyondTrust Remote Support (RS) < 25.3.2 Pre-Authentication RCE (BT26-02)
The version of BeyondTrust Remote Support RS running on the remote host is prior to 25.3.2. It is, therefore, potentially affected by a pre-authentication remote code execution vulnerability: - By sending specially crafted requests, an unauthenticated remote attacker may be able to execute...
VulnCheck KEV: CVE-2026-1731
BeyondTrust Remote Support RS and certain older versions of Privileged Remote Access PRA contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the...