Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical BeyondTrust Vulnerabilities Enable Access Control Bypass

Critical BeyondTrust Vulnerabilities Enable Access Control Bypass

Posted on July 7, 2026 By CWS

Several critical vulnerabilities have been identified in BeyondTrust’s Remote Support (RS) and Privileged Remote Access (PRA) solutions, posing significant risks of unauthorized access to critical systems. These vulnerabilities, disclosed by BeyondTrust, allow attackers to bypass access controls, potentially compromising sensitive data.

High-Severity Risks Identified

These issues are cataloged under Advisory ID BT26-03 and have a maximum CVSS v4 score of 9.2, indicating high severity. The vulnerabilities were discovered by BeyondTrust’s Product Security team during routine security assessments, leveraging both AI-driven and proprietary vulnerability discovery tools.

Details of the Vulnerabilities

The primary vulnerabilities, CVE-2026-40138 and CVE-2026-40139, originate from inadequate authentication processes within the affected products. These flaws could permit attackers to bypass access controls without authentication under certain configurations. Specifically, CVE-2026-40138 affects both RS and PRA, while CVE-2026-40139 is limited to RS, both arising from improper authentication data handling.

Additionally, two high-severity vulnerabilities were identified: CVE-2026-40140, a pre-authentication flaw in network communications, and CVE-2026-40141, affecting a web application component, which could lead to unintended resource access.

Mitigation and Security Measures

BeyondTrust has confirmed that as of April 21, 2026, cloud-hosted clients received automatic patches. However, self-hosted deployments must manually apply updates to mitigate risks. Versions 25.3.2 and earlier are vulnerable, and it is recommended to update to version 25.3.3 or later to address these vulnerabilities.

Security teams must prioritize patching, especially in environments where remote access tools are exposed to external networks. Given the potential for privilege escalation and unauthenticated exploitation, these vulnerabilities could be exploited in targeted attacks or broader campaigns if not addressed promptly.

Organizations are urged to apply the April 2026 security rollup patches to safeguard their systems. Prompt action will help in maintaining robust security postures and protecting against potential breaches.

Cyber Security News Tags:access control, Authentication, BeyondTrust, cloud security, CVE, Cybersecurity, Exploitation, network security, PRA solutions, RS solutions, security patch, security update, threat detection, Vulnerability

Post navigation

Previous Post: Microsoft Device ID Reveals Scattered Spider Hacker
Next Post: Admin Backdoor Found in Tenda Router Firmware

Related Posts

Critical MongoDB Flaw Exposes Servers to Attacks Critical MongoDB Flaw Exposes Servers to Attacks Cyber Security News
Phishing Emails Exploit Code of Conduct in AiTM Attack Phishing Emails Exploit Code of Conduct in AiTM Attack Cyber Security News
Hugging Face Vulnerability Risks Remote Code Attacks Hugging Face Vulnerability Risks Remote Code Attacks Cyber Security News
APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task APT MuddyWater Attacking CFOs Leveraging OpenSSH, Enables RDP, and Scheduled Task Cyber Security News
CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability CISA Shares New Threat Detections for Actively Exploited WSUS Vulnerability Cyber Security News
Developers Warned of OpenVSX Aqua Trivy Exploit Developers Warned of OpenVSX Aqua Trivy Exploit Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • VECT and TeamPCP: Unveiling the Ransomware Supply Chain Strategy
  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark