Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
3170 articles · 171887 vulns · 37/41 feeds (7d)
← Back to list
—
CVE-2026-40138PATCHED
BeyondTrust · Remote Support

Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

Description

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

Affected Products

VendorProductVersions
BeyondTrustRemote Support0, 0, 0, 0

Also Affects

Downstream vendors/products affected by this vulnerability

VendorProductSourceConfidence
beyondtrustprivileged remote accessmitre_affected90%

References

  • https://www.beyondtrust.com/trust-center/security-advisories/bt26-03

Related News (1 articles)

Tier C
VulDB5h ago
CVE-2026-40138 | BeyondTrust Remote Support and Privileged Remote Access up to 25.3.2/26.2.0 access control
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
Patch available
26.2.125.3.3
CWECWE-287
PublishedJul 6, 2026
Last enriched5h agov2
Tags
CVE-2026-40138
Trending Score25
Source articles1
Independent1
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (4)

NONECVE-2026-40140
High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
Trending: 30
PRE-CVE
Multiple vulnerabilities in BeyondTrust Remote Support and Privileged Remote Access
Trending: 20
NONECVE-2026-40141
High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access
Trending: 20
NONECVE-2026-40139
Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
Trending: 20

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 6, 2026
Discovered by ZDM
Jul 6, 2026
Updated: affectedVersions, tags
Jul 6, 2026
Patch Available
Jul 6, 2026

Version History

v2
Last enriched 5h ago
v2Tier C5h ago

Updated affected versions to include 25.3.2 and 26.2.0, changed severity to CRITICAL, and noted that no exploit exists.

affectedVersionstags
via VulDB
v15h ago

Initial creation