
PEACH
Un cadre d’isolation des locataires
CVE-2026-40141 is a high-severity authorization bypass vulnerability in BeyondTrust Remote Support and Privileged Remote Access (PRA) caused by insufficient validation of user-supplied input parameters in a web application component. An authenticated attacker with limited privileges and specific permissions can exploit this flaw to access unintended resources or data beyond their authorization scope. Affected versions include Remote Support and Privileged Remote Access prior to 25.3.3 and prior to 26.2.1. It was published on July 6, 2026, and carries a CVSS v4.0 base score of 8.5 (High) (GitHub Advisory, BeyondTrust Advisory).
The root cause is classified as CWE-943 (Improper Neutralization of Special Elements in Data Query Logic), which is associated with CAPEC-676 (NoSQL Injection). The vulnerability arises when user-supplied input parameters are processed by a web application component without adequate sanitization, potentially allowing crafted input to alter the intended query logic and retrieve data outside the attacker's authorization scope. Exploitation requires network access, low privileges, no user interaction, and no special attack requirements, making it relatively straightforward for any authenticated user with the relevant permissions (GitHub Advisory, BeyondTrust Advisory).
Successful exploitation allows an authenticated attacker to access confidential resources or data beyond their intended authorization scope within the vulnerable system, with high confidentiality impact on both the vulnerable and subsequent systems. Additionally, subsequent systems face high integrity and availability impacts, suggesting the potential for broader compromise beyond the initial access point. While direct code execution is not indicated, unauthorized data access in privileged remote access platforms could expose sensitive credentials, session data, or managed endpoint information, facilitating lateral movement within an enterprise environment (GitHub Advisory).
BeyondTrust has released patched versions addressing this vulnerability: Remote Support and Privileged Remote Access versions 25.3.3 and 26.2.1 or later are not affected. Organizations should upgrade to these fixed versions as the primary remediation step. As interim measures, applying the principle of least privilege to limit the accounts that hold the specific permissions required for exploitation, and monitoring for unauthorized access attempts to resources beyond normal user authorization levels, are recommended (BeyondTrust Advisory, GitHub Advisory).
The vulnerability received coverage from multiple security news outlets shortly after disclosure, including The Hacker News, BleepingComputer, CybersecurityNews, and GBHackers, often grouped with related BeyondTrust flaws disclosed simultaneously (The Hacker News, BleepingComputer). Coverage emphasized the risk to enterprise remote access infrastructure given BeyondTrust's role in privileged access management. SOCRadar also published a dedicated blog post analyzing the fixes (SOCRadar). Community sentiment reflected heightened concern given BeyondTrust's history of high-profile vulnerabilities in prior years.
Source: Ce rapport a été généré à l’aide de l’IA
Évaluation gratuite des vulnérabilités
Évaluez vos pratiques de sécurité cloud dans 9 domaines de sécurité pour évaluer votre niveau de risque et identifier les failles dans vos défenses.
Obtenez une démo personnalisée
"La meilleure expérience utilisateur que j’ai jamais vue, offre une visibilité totale sur les workloads cloud."
"Wiz fournit une interface unique pour voir ce qui se passe dans nos environnements cloud."
"Nous savons que si Wiz identifie quelque chose comme critique, c’est qu’il l’est réellement."