Cookie Consent by Free Privacy Policy Generator

Critical BeyondTrust Authentication Bypass Flaws Require Urgent Patching

BeyondTrust has released patches for two critical vulnerabilities affecting its Remote Support (RS) and Privileged Remote Access (PRA) products, both widely used for managing privileged access in enterprise environments. The Hacker News reports that the flaws, tracked as CVE-2026-40138 (CVSS 9.2) and a second undisclosed critical issue, allow unauthenticated attackers to bypass authentication and potentially take control of affected systems. The vulnerabilities exist in pre-authentication code paths, meaning exploitation does not require valid credentials. BeyondTrust has published security advisories and patches, and organisations using these products are advised to apply updates immediately.

Why this matters for UK organisations

Privileged access management tools are high-value targets because they control access to critical systems, administrative credentials and sensitive infrastructure. A successful exploit could allow an attacker to move laterally across networks, escalate privileges, or establish persistent access to environments that should be tightly controlled. For UK organisations relying on BeyondTrust for remote support or privileged session management, these vulnerabilities represent a direct risk to the integrity of their access controls. The pre-authentication nature of the flaws makes them particularly serious, as they can be exploited without prior compromise of user accounts. Organisations in sectors such as finance, healthcare, local government and managed services, where privileged access management is critical to operational security, should treat this as a high-priority patching exercise. The risk is compounded if BeyondTrust systems are exposed to the internet or accessible from less-trusted network segments.

What to review

Organisations using BeyondTrust Remote Support or Privileged Remote Access should prioritise patching CVE-2026-40138 and related critical vulnerabilities immediately. Security teams should review access logs for any unusual authentication activity, unexpected privileged sessions, or signs of reconnaissance activity targeting BeyondTrust systems. It is also worth confirming that privileged access management tools are included in routine vulnerability management processes, that patching timelines are clearly defined, and that these systems are monitored for anomalous behaviour. Organisations should also review whether BeyondTrust systems are appropriately segmented from less-trusted networks, and whether access to these tools is restricted to authorised administrators only. This is a good opportunity to confirm that ownership of privileged access management security is clearly assigned and that incident response plans account for the possibility of compromise via these tools.

Source: The Hacker News

News and blog posts
Today's brief focuses on vulnerabilities and attack techniques affecting widely...
BeyondTrust has released patches for two critical vulnerabilities affecting its...
Sysdig has documented what it describes as the first known case of an AI agent...
Kaspersky researchers have identified a phishing campaign that abuses the OAuth...