CVE-2026-40139
BeyondTrust Privileged Remote Access Client Analyse et atténuation des vulnérabilités

Aperçu

CVE-2026-40139 is a critical pre-authentication authentication bypass vulnerability in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access (PRA). Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled on the target system. The vulnerability was published on July 6, 2026, and affects versions prior to 25.3.3 and 26.2.1 of both products. It carries a CVSS v4.0 base score of 9.2 (Critical) (GitHub Advisory, ENISA EUVD).

Détails techniques

The root cause is classified as CWE-287 (Improper Authentication), where the authentication subsystem fails to properly validate or process authentication requests under certain configurations. The attack vector is network-based, requiring no privileges and no user interaction, though exploitation does require a specific authentication configuration to be active on the appliance (Attack Requirements: Present in CVSS v4.0 terminology). The precise nature of the misconfiguration or authentication method that enables exploitation has not been publicly disclosed, and no public proof-of-concept code is known to exist at this time. The vulnerability is associated with attack patterns including Authentication Bypass (CAPEC-115), Identity Spoofing (CAPEC-151), and Session Hijacking (CAPEC-593) (GitHub Advisory, ENISA EUVD).

Impact

Successful exploitation allows an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the BeyondTrust appliance, potentially including accounts with elevated privileges. Given that BeyondTrust Remote Support and PRA are enterprise remote access platforms used to manage privileged sessions across organizational infrastructure, a compromise could enable lateral movement, credential harvesting, and full control over managed endpoints. The CVSS v4.0 scoring reflects high impacts to confidentiality, integrity, and availability of the vulnerable system (GitHub Advisory, BleepingComputer).

Atténuation et solutions de contournement

BeyondTrust has released patched versions addressing this vulnerability: 25.3.3 and 26.2.1 for both Remote Support and Privileged Remote Access products. Organizations should apply the available security patch immediately. As an interim measure, administrators should review and validate authentication configuration settings to ensure only necessary authentication methods are enabled, and consider implementing network-level access controls to restrict appliance access to trusted networks and IP ranges until patching is complete (BeyondTrust Advisory, GitHub Advisory).

Réactions de la communauté

The vulnerability received broad coverage from security media outlets including The Hacker News, BleepingComputer, GBHackers, and CyberSecurityNews shortly after disclosure on July 6, 2026 (The Hacker News, BleepingComputer). The SANS Internet Storm Center also covered the vulnerability in a podcast episode, indicating notable community interest (SANS ISC). Coverage highlighted the critical severity and the context of BeyondTrust's prior high-profile vulnerabilities, with some outlets noting that self-hosted servers may remain exposed longer than cloud-managed instances (DeafNews). SOCRadar and Tenable also published analysis and detection pipeline entries for the vulnerability (SOCRadar).

Ressources additionnelles


SourceCe rapport a été généré à l’aide de l’IA

Apparenté BeyondTrust Privileged Remote Access Client Vulnérabilités:

Identifiant CVE

Sévérité

Score

Technologies

Nom du composant

Exploit CISA KEV

A corrigé

Date de publication

CVE-2026-1731CRITICAL9.9
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
OuiOuiFeb 06, 2026
CVE-2026-40139CRITICAL9.2
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026
CVE-2026-40138CRITICAL9.2
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026
CVE-2026-40140HIGH8.7
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:remote_support
NonOuiJul 06, 2026
CVE-2026-40141HIGH8.5
  • BeyondTrust Privileged Remote Access Client logoBeyondTrust Privileged Remote Access Client
  • cpe:2.3:a:beyondtrust:privileged_remote_access
NonOuiJul 06, 2026

Évaluation gratuite des vulnérabilités

Évaluez votre posture de sécurité dans le cloud

Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.

Demander une évaluation

Obtenez une démo personnalisée

Prêt(e) à voir Wiz en action ?

"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
David EstlickRSSI
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
Adam FletcherChef du service de sécurité
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."
Greg PoniatowskiResponsable de la gestion des menaces et des vulnérabilités