BeyondTrust has patched four critical flaws in Remote Support and Privileged Remote Access that could let attackers bypass access controls, trigger denial-of-service conditions, or reach unauthorized data under certain configurations. The company said the issues were found internally during security assessments, and users should update immediately to RS 25.3.3 or later and PRA 25.3.3 or later. #BeyondTrust #CVE-2026-40138 #CVE-2026-40139 #CVE-2026-40140 #CVE-2026-40141
Keypoints
- BeyondTrust released fixes for critical flaws in Remote Support and Privileged Remote Access.
- CVE-2026-40138 and CVE-2026-40139 could allow unauthenticated access under specific authentication settings.
- CVE-2026-40140 could let an attacker cause a denial-of-service condition.
- CVE-2026-40141 could let a limited authenticated user access data beyond their authorization scope.
- Users should upgrade to RS 25.3.3 or PRA 25.3.3, as prior flaws in these products have been exploited before.
Read More: https://thehackernews.com/2026/07/beyondtrust-patches-critical-auth.html