BeyondTrust patches critical remote access authentication flaws
๐ BeyondTrust has issued urgent patches for critical authentication flaws affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Two pre-authentication vulnerabilities (CVE-2026-40138 and CVE-2026-40139) could allow attackers to bypass access controls under specific authentication configurations. Additional high-severity issues (CVE-2026-40140 and CVE-2026-40141) address potential denial-of-service and restricted-resource access. Cloud instances were patched on April 21, 2026; self-hosted customers must apply the April security rollup or upgrade to RS/PRA 25.3.3+.
