Close Menu
    What's Hot

    President Rings Stock Market Opening Bell to Celebrate Trump Accounts

    South Korea Strengthens Law to Curb Spread of Fake News

    Switzerland vs Colombia: World Cup last 16: Prediction, start time and news | World Cup 2026 News

    Facebook X (Twitter) Instagram
    Trending
    • President Rings Stock Market Opening Bell to Celebrate Trump Accounts
    • South Korea Strengthens Law to Curb Spread of Fake News
    • Switzerland vs Colombia: World Cup last 16: Prediction, start time and news | World Cup 2026 News
    • Cut the Alien Jokes, These Mysterious Spheres Are Likely Space Debris
    • Explosions Hit Damascus as Macron Visits
    • How Palestinians Are Building a Digital Archive That Can’t Be Erased
    • Roadside rescuers may still bump up against a driverless future
    • Microsoft Is An AI Diamond That’s Stronger Than Semiconductors (NASDAQ:MSFT)
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

    adminBy adminJuly 7, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananJul 07, 2026Vulnerability / Enterprise Security

    BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA

    BeyondTrust has released updates to address two critical security flaws affecting Remote Support (RS) and Privileged Remote Access (PRA) products that, if successfully exploited, could allow unauthenticated attackers to take control of susceptible devices.

    The vulnerabilities are listed below –

    • CVE-2026-40138 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access stemming from improper validation of authentication data that could allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges.
    • CVE-2026-40139 (CVSS score: 9.2) – A pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support stemming from improper processing of authentication requests that could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges.
    • CVE-2026-40140 (CVSS score: 8.7) – A pre-authentication vulnerability in the network communication subsystem stemming from insufficient validation of client-supplied input that could allow an unauthenticated remote attacker to trigger a denial-of-service condition, affecting appliance availability.
    • CVE-2026-40141 (CVSS score: 8.5) – A vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access stemming from insufficient validation of user-supplied input that could allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope.

    It’s worth noting that the successful exploitation of CVE-2026-40138 and CVE-2026-40139 hinges on a specific authentication configuration being enabled. In the case of CVE-2026-40141, exploitation, should it occur, is restricted to accounts with specific permissions.

    Cybersecurity

    BeyondTrust said all the identified internally as part of ongoing security assessments, with assistance using publicly available artificial intelligence (AI) models like Anthropic Claude Opus 4.8 and its own proprietary research tooling.

    “The most severe vulnerabilities may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance under specific configurations,” it said. “Additional vulnerabilities may allow service disruption, unintended data access, and, under distinct configurations, elevated access by an authenticated user that may impact system integrity.”

    The issues have been addressed in the following versions –

    • Remote Support RS 25.3.2 or lower (Fixed in RS 25.3.3 and above)
    • Privileged Remote Access PRA 25.3.2 or lower (Fixed in PRA 25.3.3 and above)

    BeyondTrust makes no mention of the vulnerabilities being exploited in the wild. However, security flaws in RS and PRA products (CVE-2024-12356 and CVE-2026-1731) have come under repeated exploitation in the past to deploy web shells and backdoors, making it essential that users move quickly to apply the fixes.

    Auth BeyondTrust Bypass critical Flaws Patches PRA remote Support
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleTarget joins a rank of companies using a points system to track employee attendance
    Next Article Cristiano Ronaldo: Portugal captain meets natural end with national team and goes down as best player to never win World Cup | Football News
    admin
    • Website

    Related Posts

    SkillCloak Lets Malicious AI Agent Skills Evade Static Scanners with Self-Extracting Packing

    July 7, 2026

    Opera GX Flaw Let Malicious Sites Auto-Install Mods to Steal Data From Visited Pages

    July 7, 2026

    Leading US Democrats withdraw support for Platner after assault allegations | US Midterm Elections 2026 News

    July 6, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    President Rings Stock Market Opening Bell to Celebrate Trump Accounts

    South Korea Strengthens Law to Curb Spread of Fake News

    Switzerland vs Colombia: World Cup last 16: Prediction, start time and news | World Cup 2026 News

    Cut the Alien Jokes, These Mysterious Spheres Are Likely Space Debris

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by