🔴 Critical  |  Source: The Hacker News


BeyondTrust has patched two critical authentication bypass vulnerabilities in its Remote Support and Privileged Remote Access (PRA) products, including CVE-2026-40138 which carries a CVSS score of 9.2. The flaws can be exploited by unauthenticated attackers, potentially granting full control of affected systems. Given that these products are widely used to manage privileged access to enterprise and cloud infrastructure, the blast radius of a successful exploit is significant.

Security Architect’s Take: Apply BeyondTrust’s patches immediately — these products sit at the heart of privileged access workflows and an unauthenticated takeover could expose your entire managed estate. If patching cannot be done immediately, consider restricting network access to BeyondTrust appliances to trusted IP ranges and reviewing recent access logs for anomalous activity.

Original advisory: BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA