NCSC-2026-0223 [1.00] [M/H] Vulnerabilities fixed in BeyondTrust Remote Support and Privileged Remote Access
BeyondTrust has fixed vulnerabilities in the products Remote Support and Privileged Remote Access. The vulnerabilities affect multiple aspects of the products Remote Support and Privileged Remote Access. There is a pre-authentication vulnerability that allows a network-based attacker to bypass access controls without prior authentication, provided a specific authentication configuration is enabled. This allows an attacker to gain unauthorized and potentially elevated access. Additionally, there is an issue with insufficient validation of client input in the network communication subsystem, allowing an unauthenticated attacker to cause a denial-of-service by disrupting normal network communication. Furthermore, authenticated users with limited rights can gain access to unauthorized resources due to insufficient input validation, although this is limited to accounts with specific permissions.
CSIRTS triage
- What
- Vulnerabilities allow unauthorized access and Denial of Service due to insufficient validation.
- Who is affected
- Deployments of BeyondTrust Remote Support and Privileged Remote Access are affected.
- Urgency
- Remediation is important due to the potential for unauthorized access and service disruption.
- Action
- Update to the latest version of BeyondTrust products to mitigate these vulnerabilities.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch Remote Support and Privileged Remote Access
Get an email when a new Remote Support and Privileged Remote Access advisory drops — max one per day, one-click unsubscribe.
Details
Original advisory: https://advisories.ncsc.nl/advisory?id=NCSC-2026-0223
Exploitation outlook
EPSS (FIRST.org) estimates each CVE’s probability of exploitation in the next 30 days — here is the CSIRTS.com read on those numbers.
- Low exploitation riskCVE-2026-401400.56% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 43% of all scored CVEs.
- Low exploitation riskCVE-2026-401410.48% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 38% of all scored CVEs.
- Low exploitation riskCVE-2026-401380.42% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 34% of all scored CVEs.
- Low exploitation riskCVE-2026-401390.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all scored CVEs.
Referenced CVEs
| CVE | CSIRTS overview | External |
|---|---|---|
| CVE-2026-40140 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-40141 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-40138 | coverage & exploitation status | NVD · CVE.org |
| CVE-2026-40139 | coverage & exploitation status | NVD · CVE.org |
Same CVEs, other sources
How other CERTs, PSIRTs and databases cover the vulnerabilities in this advisory.
- high[NEW] [high] BeyondTrust Privileged Remote Access and Remote Support: Multiple vulnerabilitiescert-bund
- unknownBeyondTrust Products Multiple Vulnerabilitieshkcert
- criticalCVE-2026-40141: A high-severity vulnerability exists in a web application component of BeyondTrust Remote Supp…nvd
- highCVE-2026-40140: BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentica…nvd
- criticalCVE-2026-40139: A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTr…nvd
- highCVE-2026-40138: A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTr…nvd
Recent advisories for BeyondTrust Remote Support
A cluster of recent advisories against the same product widens the attack surface — attackers routinely chain freshly published CVEs on one product, so review these together.
- high[NEW] [high] BeyondTrust Privileged Remote Access and Remote Support: Multiple vulnerabilitiescert-bund · 2026-07-08
- criticalCVE-2026-40141: A high-severity vulnerability exists in a web application component of BeyondTrust Remote Supp…nvd · 2026-07-06
- highCVE-2026-40140: BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentica…nvd · 2026-07-06
- criticalCVE-2026-40139: A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTr…nvd · 2026-07-06
- highCVE-2026-40138: A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTr…nvd · 2026-07-06
- criticalexploitedCVE-2026-1731: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnera…cisa-kev · 2026-02-13
More from NCSC-NL Advisories
- unknownNCSC-2026-0222 [1.00] [M/H] Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition2026-07-10
- unknownNCSC-2026-0221 [1.00] [M/H] Vulnerabilities fixed in UniFi products from Ubiquiti Networks2026-07-07
- unknownNCSC-2026-0220 [1.00] [M/H] Vulnerabilities fixed in Rancher by Rancher Labs2026-07-03
- unknownNCSC-2026-0219 [1.00] [M/H] Vulnerabilities fixed in GitHub Enterprise Server2026-07-03
- unknownNCSC-2026-0218 [1.00] [M/H] Vulnerability fixed in Cisco Catalyst Center2026-07-02