Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Critical Vulnerabilities Fixed in BeyondTrust Support Products

Critical Vulnerabilities Fixed in BeyondTrust Support Products

Posted on July 7, 2026 By CWS

BeyondTrust has addressed two critical security vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products. These flaws, if left unpatched, could allow unauthorized attackers to seize control of affected devices.

Details of Discovered Vulnerabilities

Each identified flaw could potentially lead to serious security breaches. The vulnerabilities, assigned CVE-2026-40138 and CVE-2026-40139, both received a high CVSS score of 9.2. They result from improper validation and processing of authentication data, enabling attackers to bypass security controls and access privileged accounts without authorization.

Additionally, CVE-2026-40140, with a CVSS score of 8.7, arises from inadequate validation of client inputs, which could trigger a denial-of-service state. Another vulnerability, CVE-2026-40141, with a score of 8.5, involves insufficient input validation that might allow authenticated users to access unauthorized resources.

Conditions for Exploitation

Exploitation of CVE-2026-40138 and CVE-2026-40139 is contingent on specific authentication settings being active. The vulnerability CVE-2026-40141, on the other hand, requires specific user permissions for exploitation.

BeyondTrust discovered these issues internally through rigorous security assessments, utilizing advanced AI tools such as Anthropic Claude Opus 4.8, alongside proprietary research methods. The company emphasizes that unpatched systems may face unauthorized access and potential service disruptions.

Recommended Actions and Updates

To mitigate these risks, BeyondTrust has released patches in RS version 25.3.3 and PRA version 25.3.3. Users operating on versions 25.3.2 or lower are advised to update immediately to protect their systems from potential exploitation.

While there have been no reports of these vulnerabilities being exploited in the wild, similar security issues in the past have led to the deployment of web shells and backdoors. Therefore, timely application of updates is crucial for maintaining system integrity and security.

By addressing these vulnerabilities promptly, BeyondTrust underscores its commitment to maintaining high security standards and protecting its users from potential cyber threats.

The Hacker News Tags:auth bypass, BeyondTrust, Cybersecurity, network security, Patches, Privileged Remote Access, Remote Support, Security, software update, Vulnerabilities

Post navigation

Previous Post: Critical Fast-mcp-telegram Vulnerability Exposed
Next Post: Microsoft Device ID Reveals Scattered Spider Hacker

Related Posts

Why IT Leaders Must Rethink Backup in the Age of Ransomware Why IT Leaders Must Rethink Backup in the Age of Ransomware The Hacker News
Man-in-the-Middle Attack Prevention Guide Man-in-the-Middle Attack Prevention Guide The Hacker News
What Security Leaders Need to Know About AI Governance for SaaS What Security Leaders Need to Know About AI Governance for SaaS The Hacker News
AI Assistants Exploited as Malware Command Channels AI Assistants Exploited as Malware Command Channels The Hacker News
Addressing the Hidden Costs of Credential Incidents Addressing the Hidden Costs of Credential Incidents The Hacker News
Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups Microsoft Discloses Exchange Server Flaw Enabling Silent Cloud Access in Hybrid Setups The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Global Expansion of Gentlemen Ransomware Threats
  • Critical Flaw in Google Dialogflow CX Exposed
  • Vulnerability in GCP Dialogflow Enables Malicious Code Injection
  • Gitea Vulnerability Exploited Actively, Experts Alert
  • RedWing Malware Offers Banking Fraud via Telegram

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark