CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

NCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access

unknownCVE-2026-40140CVE-2026-40141CVE-2026-40138CVE-2026-40139
BeyondTrust has fixed vulnerabilities in the products Remote Support and Privileged Remote Access. The vulnerabilities affect multiple aspects of the products Remote Support and Privileged Remote Access. There is a pre-authentication vulnerability that allows a network-based attacker to bypass access controls without prior authentication, provided a specific authentication configuration is enabled. This allows an attacker to gain unauthorized and potentially elevated access. Additionally, there is an issue with insufficient validation of client input in the network communication subsystem, allowing an unauthenticated attacker to cause a denial-of-service by disrupting normal network communication. Furthermore, authenticated users with limited rights can gain access to unauthorized resources due to insufficient input validation, although this is limited to accounts with specific permissions.

CSIRTS triage

What
Vulnerabilities allow unauthorized access and Denial of Service due to insufficient validation.
Who is affected
Deployments of BeyondTrust Remote Support and Privileged Remote Access are affected.
Urgency
Remediation is important due to the potential for unauthorized access and service disruption.
Action
Update to the latest version of BeyondTrust products to mitigate these vulnerabilities.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch Remote Support and Privileged Remote Access

Get an email when a new Remote Support and Privileged Remote Access advisory drops — max one per day, one-click unsubscribe.

Details

Source
NCSC-NL Advisories (NL · national-cert · site)
Severity
unknown
Published
2026-07-10
Exploitation
Not in CISA KEV at last sync
Language
Machine-translated to English — verify against the original

Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0223

Exploitation outlook

EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.

Referenced CVEs

CVECSIRTS overviewExternal
CVE-2026-40140coverage & exploitation statusNVD · CVE.org
CVE-2026-40141coverage & exploitation statusNVD · CVE.org
CVE-2026-40138coverage & exploitation statusNVD · CVE.org
CVE-2026-40139coverage & exploitation statusNVD · CVE.org

Same CVEs, other sources

How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.

Recent advisories for BeyondTrust Remote Support

A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.

More from NCSC-NL Advisories