Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Vulnerabilities Fixed in BeyondTrust Support Products

Critical Vulnerabilities Fixed in BeyondTrust Support Products

Posted on July 7, 2026 By CWS

BeyondTrust has addressed two critical security vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products. These flaws, if left unpatched, could allow unauthorized attackers to seize control of affected devices.

Details of Discovered Vulnerabilities

Each identified flaw could potentially lead to serious security breaches. The vulnerabilities, assigned CVE-2026-40138 and CVE-2026-40139, both received a high CVSS score of 9.2. They result from improper validation and processing of authentication data, enabling attackers to bypass security controls and access privileged accounts without authorization.

Additionally, CVE-2026-40140, with a CVSS score of 8.7, arises from inadequate validation of client inputs, which could trigger a denial-of-service state. Another vulnerability, CVE-2026-40141, with a score of 8.5, involves insufficient input validation that might allow authenticated users to access unauthorized resources.

Conditions for Exploitation

Exploitation of CVE-2026-40138 and CVE-2026-40139 is contingent on specific authentication settings being active. The vulnerability CVE-2026-40141, on the other hand, requires specific user permissions for exploitation.

BeyondTrust discovered these issues internally through rigorous security assessments, utilizing advanced AI tools such as Anthropic Claude Opus 4.8, alongside proprietary research methods. The company emphasizes that unpatched systems may face unauthorized access and potential service disruptions.

Recommended Actions and Updates

To mitigate these risks, BeyondTrust has released patches in RS version 25.3.3 and PRA version 25.3.3. Users operating on versions 25.3.2 or lower are advised to update immediately to protect their systems from potential exploitation.

While there have been no reports of these vulnerabilities being exploited in the wild, similar security issues in the past have led to the deployment of web shells and backdoors. Therefore, timely application of updates is crucial for maintaining system integrity and security.

By addressing these vulnerabilities promptly, BeyondTrust underscores its commitment to maintaining high security standards and protecting its users from potential cyber threats.

The Hacker News Tags:auth bypass, BeyondTrust, Cybersecurity, network security, Patches, Privileged Remote Access, Remote Support, Security, software update, Vulnerabilities

Post navigation

Previous Post: Critical Fast-mcp-telegram Vulnerability Exposed
Next Post: Microsoft Device ID Reveals Scattered Spider Hacker

Related Posts

Dohdoor Backdoor Threatens U.S. Education & Healthcare Dohdoor Backdoor Threatens U.S. Education & Healthcare The Hacker News
Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet The Hacker News
CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw CL0P-Linked Hackers Breach Dozens of Organizations Through Oracle Software Flaw The Hacker News
Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware Microsoft Windows Vulnerability Exploited to Deploy PipeMagic RansomExx Malware The Hacker News
Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC The Hacker News
CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign CERT-UA Discovers LAMEHUG Malware Linked to APT28, Using LLM for Phishing Campaign The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark