CVE Tools
Back to feed
BleepingComputer ·EN-US News source Patch releasedRemote Support (RS)Privileged Remote Access (PRA)

BeyondTrust warns of critical flaws in remote access software

By Sergiu Gatlan··2 min read
CVE Tools coverage

BeyondTrust has disclosed critical issues in its Remote Support (RS) and Privileged Remote Access (PRA) products that could let attackers bypass authentication and reach protected appliances. The company cites CVE-2026-40138 (RS and PRA versions 25.3.2 or earlier) and CVE-2026-40139, where improper handling of RS authentication requests could allow unauthenticated remote attackers to gain unauthorized access.

BeyondTrust also released fixes for CVE-2026-40140 and CVE-2026-40141 affecting unpatched RS and PRA instances, which can lead to denial-of-service or unintended access to restricted resources, making patching urgent.