Home AIBeyondTrust warns of critical flaws in remote access software

BeyondTrust warns of critical flaws in remote access software

by OmarAli
BeyondTrust

BeyondTrust

BeyondTrust warned customers to patch two critical vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) software that could allow attackers to bypass authentication.

The first vulnerability, tracked as CVE-2026-40138, affects the company’s RS Remote Desktop and Assistance Platform (versions 25.3.2 or earlier) and the PRA Enterprise Cybersecurity Solution (versions 25.3.2 or earlier). This vulnerability is due to an improper authentication weakness in the authentication subsystem, and successful exploitation allows unprivileged attackers to bypass access controls and access targeted appliances, including accounts with elevated privileges.

The second patch (CVE-2026-40139) patched this week is due to improper processing of BeyondTrust RS authentication requests, which allows unauthenticated remote attackers to gain unauthorized access to vulnerable instances.

Picture

In both cases, BeyondTrust noted that the exploitation also required a specific authentication configuration to be enabled, but did not provide further details.

BeyondTrust has also released security updates for two serious security issues (CVE-2026-40140 and CVE-2026-40141) that can be exploited to cause denial of service or access restricted resources on unpatched RS and PRA instances.

“The most severe vulnerabilities could allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance in certain configurations. Additional vulnerabilities could result in service interruptions, inadvertent data access, and in certain configurations, increased access by an authenticated user, which may compromise system integrity,” BeyondTrust said.

“As of April 21, 2026, a patch has been applied to all RS/PRA Cloud customers. Self-hosted customers should apply the April security rollup patch for the affected version if their instance is not subscribed to automatic updates or has not upgraded to RS 25.3.3 and later or PRA 25.3.3 and later.”

Internet security monitoring group Shadowserver is now tracking nearly 2,000 BeyondTrust RS and PRA instances exposed online, but there are no details on how many honeypots there are or how many have already been patched against these vulnerabilities.

Made BeyondTrust RS and PRA instances available onlineBeyondTrust RS and PRA instances made available online (shadow server)

BeyondTrust vulnerabilities are exploited in attacks

While BeyondTrust did not disclose information about these vulnerabilities being exploited in attacks before the patch, other vulnerabilities in the company’s remote support software have been exploited in recent years.

Most recently, a critical pre-authentication remote code execution vulnerability affecting Remote Support and Privileged Remote Access appliances (CVE-2026-1731) was exploited to establish WebSocket channels and deploy ransomware on vulnerable systems.

Other BeyondTrust vulnerabilities have been weaponized to compromise the systems of U.S. government agencies. For example, two years ago, the U.S. Treasury Department announced that its network had been hacked as part of an incident related to the notorious Chinese state-backed cyber espionage group Silk Typhoon.

Silk Typhoon is believed to have exploited two zero-days (CVE-2024-12356 and CVE-2024-12686) to break into BeyondTrust’s systems and use a stolen API key to compromise 17 Remote Support SaaS instances, including the Treasury Department instance.

The Chinese hacking group also targeted the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments for national security risks, and the Office of Foreign Assets Control (OFAC), which manages US sanctions programs.

Item image

Security teams log 54% of successful attacks and only issue an alert for 14%. The rest moves through your surroundings unnoticed.

The Picus white paper shows how breach and attack simulation tests your SIEM and EDR rules so threats don’t slip through detection.

Get the white paper

https://www.bleepingcomputer.com/news/security/beyondtrust-warns-of-critical-flaws-in-remote-access-software/

Viral Trends

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More