BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
BeyondTrust patched four critical vulnerabilities in Remote Support and Privileged Remote Access products, including two allowing unauthenticated remote code execution via auth bypass. The vulnerabilities were discovered internally during security assessments with assistance from public AI models like Anthropic Claude Opus 4.8 and proprietary tools. CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable full appliance takeover, while CVE-2026-40140 causes denial-of-service and CVE-2026-40141 allows
Analysis
TL;DR
- BeyondTrust patched four critical vulnerabilities in Remote Support and Privileged Remote Access products, including two allowing unauthenticated remote code execution via auth bypass.
- The vulnerabilities were discovered internally during security assessments with assistance from public AI models like Anthropic Claude Opus 4.8 and proprietary tools.
- CVE-2026-40138 and CVE-2026-40139 (CVSS 9.2) enable full appliance takeover, while CVE-2026-40140 causes denial-of-service and CVE-2026-40141 allows privilege escalation for limited users.
- Updates are available in Remote Support and PRA version 25.3.3 and above, addressing risks highlighted by previous exploits targeting similar products.
Why It Matters
This incident highlights the growing integration of generative AI into enterprise security workflows, specifically for vulnerability discovery and code auditing. For security practitioners, it underscores the urgency of patching privileged access management tools, which are high-value targets for attackers seeking lateral movement and persistent access.
Technical Details
- CVE-2026-40138 & CVE-2026-40139 (CVSS 9.2): Pre-authentication flaws in the authentication subsystem allowing unauthenticated attackers to bypass access controls and gain elevated privileges, contingent on specific authentication configurations.
- CVE-2026-40140 (CVSS 8.7): A denial-of-service vulnerability in the network communication subsystem due to insufficient validation of client-supplied input.
- CVE-2026-40141 (CVSS 8.5): An authorization bypass in the web application component allowing authenticated users with limited privileges to access unintended resources.
- Remediation: Users must upgrade to Remote Support and Privileged Remote Access versions 25.3.3 or higher.
- Discovery Method: Vulnerabilities were identified using a combination of proprietary research tooling and public AI models, notably Anthropic Claude Opus 4.8.
Industry Insight
- AI-Assisted Security Validation: The explicit mention of using large language models for internal security assessments signals a shift toward AI-augmented threat hunting and code review, requiring organizations to evaluate the efficacy and safety of such tools.
- Supply Chain Risk in PAM Solutions: Privileged Access Management tools remain critical infrastructure; organizations should prioritize immediate patching and monitor for exploit kits targeting these specific CVEs, given the history of similar BeyondTrust flaws being weaponized.
- Configuration Dependency: The reliance on specific configurations for exploitation suggests that hardening authentication settings can serve as an effective compensating control while patches are deployed.
Disclaimer: The above content is generated by AI and is for reference only.