CVE-2026-40138
BeyondTrust Privileged Remote Access Client Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-40138 is a critical pre-authentication authentication bypass vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access (PRA). Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled on the target appliance. Affected versions include Remote Support and Privileged Remote Access prior to 25.3.3 and prior to 26.2.1. The vulnerability was published on July 6, 2026, and carries a CVSS v4.0 base score of 9.2 (Critical) (GitHub Advisory, BeyondTrust Advisory).

Détails techniques

The root cause is classified as CWE-287 (Improper Authentication): the authentication subsystem fails to properly validate authentication data submitted by a remote actor, allowing the actor's identity claim to be accepted without sufficient proof. The attack vector is network-based, requiring no privileges and no user interaction, though exploitation requires both high attack complexity and the presence of a specific authentication configuration (Attack Requirements: Present). An attacker positioned on the network can craft authentication requests that bypass access controls and gain access to privileged accounts on the appliance. No public proof-of-concept code or detailed technical write-up has been disclosed as of the time of publication (GitHub Advisory, BeyondTrust Advisory).

Impact

Successful exploitation allows an unauthenticated, network-positioned attacker to bypass authentication controls and gain unauthorized access to the BeyondTrust appliance, potentially including accounts with elevated privileges. Given that BeyondTrust Remote Support and Privileged Remote Access are enterprise remote access platforms commonly used to manage privileged sessions and credentials across organizational infrastructure, a compromise could expose sensitive credentials, enable lateral movement to managed endpoints, and result in full loss of confidentiality, integrity, and availability of the affected system. The CVSS v4.0 scoring reflects high impact across all three pillars (confidentiality, integrity, availability) for the vulnerable system (GitHub Advisory, Feedly).

Indicateurs de compromis

  • Logs: Unexpected successful authentication events in BeyondTrust appliance logs from unfamiliar IP addresses or at unusual times, particularly for privileged accounts; authentication log entries that do not correspond to known user activity or expected authentication flows.
  • Network: Unusual inbound authentication requests to the BeyondTrust appliance from external or unexpected network sources; anomalous session establishment for privileged accounts without corresponding legitimate user activity.
  • Behavioral: Privileged account sessions initiated without corresponding helpdesk tickets or change records; unexpected administrative actions performed via the BeyondTrust console such as account creation, configuration changes, or credential access.

Atténuation et solutions de contournement

BeyondTrust has released patched versions addressing this vulnerability: Remote Support and Privileged Remote Access versions 25.3.3 and 26.2.1 or later. Organizations should apply the available patch immediately. As a configuration-based mitigation, administrators should review and disable any non-essential authentication configurations, particularly the specific authentication method required for exploitation (details in the vendor advisory). Additionally, implement network segmentation and access controls to restrict which systems can reach BeyondTrust appliance authentication endpoints, and monitor authentication logs for suspicious access attempts (BeyondTrust Advisory, GitHub Advisory).

Réactions de la communauté

The vulnerability received broad coverage from security media outlets including BleepingComputer, The Hacker News, GBHackers, and CyberSecurityNews shortly after disclosure on July 6, 2026 (BleepingComputer, The Hacker News). The SANS Internet Storm Center also discussed the vulnerability in a podcast episode, reflecting community interest given BeyondTrust's history of high-profile vulnerabilities. Social media activity on platforms including Mastodon and Bluesky highlighted the critical severity and the pre-authentication nature of the flaw, with the DarkWebInformer account drawing attention to the access control bypass aspect. The vulnerability was noted alongside a related flaw (CVE-2026-40139), with coverage emphasizing the risk to enterprise remote access infrastructure.

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté BeyondTrust Privileged Remote Access Client Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-1731CRITICAL9.9
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
OuiOuiFeb 06, 2026
CVE-2026-40139CRITICAL9.2
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026
CVE-2026-40138CRITICAL9.2
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026
CVE-2026-40140HIGH8.7
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:remote_support
NonOuiJul 06, 2026
CVE-2026-40141HIGH8.5
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités