Home/News/BeyondTrust Fixes Critical Remote Support and PRA Flaws
The Hacker News2 min read

BeyondTrust Fixes Critical Remote Support and PRA Flaws

BeyondTrust released updates this week to address two critical security flaws in its Remote Support (RS) and Privileged Remote Access (PRA) products. These vulnerabilities, if exploited, could enable unauthenticated attackers to gain complete control over affected devices. The first flaw, identified as CVE-2026-40138, carries a CVSS score of 9.2, indicating a critical severity. This pre-authentication vulnerability exists within the product's core functionality, allowing attackers to bypass standard security checks before any authentication is required.

The second vulnerability, CVE-2026-40139, also rated as critical with a CVSS score of 9.3, is an authentication bypass flaw. This means attackers can circumvent the login process entirely. Successful exploitation of CVE-2026-40139 could grant attackers elevated privileges, enabling them to execute commands and potentially take over the compromised systems. Both vulnerabilities were discovered and reported by security researchers, prompting BeyondTrust to issue immediate patches.

BeyondTrust has provided patches for both Remote Support and Privileged Remote Access. Customers are strongly advised to apply these updates as soon as possible to mitigate the risk of exploitation. The company has not disclosed specific details on whether these vulnerabilities have been actively exploited in the wild, but the critical nature of the flaws necessitates prompt action. The patches are available through the standard update channels for both products, and BeyondTrust recommends verifying successful installation after applying the updates.

Original source — read the full reporting at the publisher:

Read on The Hacker News

Read next