• Request consultation
  • Newsletter
  • Deutsch Deutsch German de
  • English English English en
  • Italiano Italiano Italian it
  • Nederlands Nederlands Dutch nl
Greenbone
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for Your Sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap & Lifecycle
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
  • Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • Click to open the search input field Click to open the search input field Search
  • Menu Menu
  • Products
    • OPENVAS BASIC
      • OPENVAS BASIC: Order
    • OPENVAS SCAN
    • Upcoming Solutions
      • OPENVAS SECURITY INTELLIGENCE
      • OPENVAS AI
    • Solutions for your sector
      • Educational Sector
      • Healthcare Sector
      • Public Sector
    • Technology
      • Feed Comparison
      • Product Comparison
        • OPENVAS vs. Nessus
      • Roadmap and Lifecycle
    • Request IT Security
  • Service & Support
    • Technical Support
    • Self-Learning Courses
    • Documents
  • Events
    • Cybersec Europe 2026
    • Webinars
  • Partners
    • MSSP
  • About Greenbone
    • Careers
    • Contact
    • Newsletter
  • Our Blog
    • Know-how
      • Attack Vector Timeline
      • Cyberattacks and Defense
      • Cyber Defense Security
      • Cyber Resilience Act
      • Data Security
      • Digital Operational Resilience Act
      • Exposure Management
      • IT and Information Security
      • NIS2 Directive
      • Open Source Vulnerability Management
      • The Vulnerability Timeline
  • German
  • English
  • Italian
  • Dutch
Joseph Lee

BeyondTrust BT26-03: Critical and High-Severity Flaws in Remote Support and Privileged Remote Access

Blog

BeyondTrust advisory BT26-03, issued on July 6th, 2026, describes multiple new vulnerabilities in BeyondTrust Remote Support (RS) and BeyondTrust Privileged Remote Access (PRA). The vulnerabilities include two critical flaws exploitable without authentication and additional high-severity issues in network communication and web application components. All the flaws require specific configurations for exploitation, but BeyondTrust has not disclosed the configuration details.

According to BeyondTrust, the issues were found through internal AI-driven vulnerability research using publicly available AI models, and they were fixed before exploitation. The vendor also claims that the flaws were not exploited or known outside the company prior to remediation.

BeyondTrust BT26-03-Security-Bulletin: critical and high severity flaws in Remote Support and Privileged Remote Access

There is no evidence that any of the CVEs have been exploited in the wild, and no public proof-of-concept (PoC) exploits have been published. CISA has added three vulnerabilities affecting BeyondTrust RS and PRA to its KEV Catalog since late 2024, indicating that the products are popular targets for attackers. CVE-2026-1731 was added in early 2026 and is associated with ransomware attacks. Numerous national CERT agencies have issued alerts [1][2][3][4][5][6][7][8][9], indicating high global risk.

BeyondTrust BT26-03 advisory: critical and high-severity vulnerabilities in Remote Support and Privileged Remote Access

OPENVAS ENTERPRISE FEED includes a remote banner version check covering CVE-2026-40138, CVE-2026-40140, and CVE-2026-40141 in BeyondTrust PRA, and a separate remote banner version check for CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, and CVE-2026-40141 in BeyondTrust RS. Grabbing a copy of OPENVAS SCAN with a free two-week trial of the OPENVAS ENTERPRISE FEED is a surefire way to gain the deepest insight into where software vulnerabilities exist in your organization’s IT infrastructure.

Vulnerabilities Disclosed in the BeyondTrust BT26-03 Advisory

The BeyondTrust BT26-03 advisory covers two critical and two high-severity CVEs across two products: BeyondTrust RS and PRA. There is no evidence of exploitation in the wild, and no publicly available PoC exploits exist for any of the CVEs disclosed in BT26-03. All of the flaws have been assigned moderate EPSS scores: 34th – 47th percentiles.

The four CVEs disclosed in BeyondTrust BT26-03, each shown with its CVSS severity band and EPSS exploitation-probability score

CVE-2026-40141 CVSS 9.9 · Critical EPSS 0.5% (38th)

An improper neutralization of special elements in data-query logic [CWE-943] flaw in a web application component of BeyondTrust RS and PRA. An authenticated attacker with specific permissions could access or manipulate resources and data outside the intended authorization boundary.

CVE-2026-40139 CVSS 9.8 · Critical EPSS 0.7% (47th)

An improper authentication [CWE-287] flaw in BeyondTrust RS. A remote, unauthenticated attacker could bypass access controls when a specific authentication configuration is enabled, which BeyondTrust does not publicly identify.

CVE-2026-40138 CVSS 8.1 · High EPSS 0.4% (34th)

An improper authentication [CWE-287] flaw in BeyondTrust RS and PRA. A remote, unauthenticated attacker could bypass access controls and reach elevated accounts when a specific authentication configuration is enabled, which BeyondTrust does not publicly identify.

CVE-2026-40140 CVSS 7.5 · High EPSS 0.6% (43rd)

An uncontrolled resource consumption [CWE-400] flaw in the network communication subsystem of BeyondTrust RS and PRA. A remote, unauthenticated attacker could trigger a denial-of-service and disrupt appliance availability.

Affected Products and Versions

BeyondTrust states that all cloud-hosted RS and PRA instances were patched as of April 21st, 2026. For self-hosted deployments, the vendor directs customers to apply the April security rollup patch or upgrade to the fixed product versions. The supplied evidence identifies RS 25.3.2 and earlier and PRA 25.3.2 and earlier as affected. BeyondTrust provides no workarounds for the vulnerabilities.

Product CVEs Affected versions Fixed versions

BeyondTrust Remote Support

CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, CVE-2026-40141

RS 25.3.2 or earlier

RS 25.3.3 or later; Security Rollup April 2026 25 RS or Security Rollup April 2026 24 RS, depending on the RS version

BeyondTrust Privileged Remote Access

CVE-2026-40138, CVE-2026-40140, CVE-2026-40141

PRA 25.3.2 or earlier

PRA 25.3.3 or later; Security Rollup April 2026 25 PRA or Security Rollup April 2026 24 PRA, depending on the PRA version

BeyondTrust Remote Support (RS) is an enterprise-grade remote support tool used by IT service desks, help desks, and support teams to connect to and control remote systems and devices. In operational terms, that means the product often sits on a path used for remote troubleshooting, administrative support, and endpoint interaction.

BeyondTrust Privileged Remote Access (PRA) is used to manage remote access to critical systems for privileged users and third-party vendors. The product includes session monitoring, auditing, recording, and least-privilege controls. BeyondTrust also describes the B Series Appliance as the central communication point for secure remote access, handling session brokering, authentication, logging, auditing, and encryption.

Start Your Free Trial

The OPENVAS ENTERPRISE FEED includes remote banner version checks for CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, and CVE-2026-40141 across BeyondTrust RS [1] and PRA [2]. Grab a copy of OPENVAS SCAN with a free two-week trial of the OPENVAS ENTERPRISE FEED to gain the deepest insight into where software vulnerabilities exist in your organization’s IT infrastructure.

Summary

BT26-03 consolidates four confirmed vulnerabilities across BeyondTrust Remote Support and BeyondTrust Privileged Remote Access. The most important issues are the two critical pre-authentication flaws, followed by the high-severity vulnerabilities in the network communication and web application components. Although none of the CVEs are known to have been exploited in the wild and no public PoC exploit exists, CISA has added three vulnerabilities affecting BeyondTrust RS and PRA to its KEV Catalog since late 2024. CVE-2026-1731 was added in early 2026 and is associated with ransomware attacks. Numerous national CERT agencies have issued alerts, indicating high global risk. Greenbone’s OPENVAS ENTERPRISE FEED provides remote banner version checks for the BT26-03 CVEs, helping defenders identify affected BeyondTrust RS and PRA appliances and prioritize remediation.

 

Contact Test Now Buy Here Back to Overview
Joseph Lee
Joseph Lee

Joseph has had a varied and passionate background in IT and cyber security since the late 1980s. His early technical experience included working on an IBM PS/2, assembling PCs and programming in C++.

He also pursued academic studies in computer and systems engineering, anthropology and an MBA in technology forecasting.

Joseph has worked in data analytics, software development and, in particular, enterprise IT security. He specialises in vulnerability management, encryption and penetration testing.

LinkedIn

15. July 2026/by Joseph Lee
Share this entry
  • Share on LinkedIn
  • Share by Mail
https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png 0 0 Joseph Lee https://www.greenbone.net/wp-content/uploads/greenbone-logo-2025.png Joseph Lee2026-07-15 10:59:032026-07-15 10:59:03BeyondTrust BT26-03: Critical and High-Severity Flaws in Remote Support and Privileged Remote Access

Search

Search Search

Archive

  • 2026
  • 2025

Newsletter

Subscribe Now

OPENVAS BASIC

Our entry-level enterprise product

Test 14 Days Free of Charge

Products & Solutions

  • OPENVAS PRODUCTS
  • OPENVAS SECURITY INTELLIGENCE
  • OPENVAS SCAN
  • OPENVAS BASIC
  • OPENVAS FREE
  • OPENVAS AI
ISO9001-EN

Service & Support

  • Technical Support
  • FAQ
  • Documents
  • Warranty
  • Open Source Vulnerability Management
  • Cyber Resilience Act
ISO27001-EN

About us

  • About Greenbone
  • Partners
  • MSSP
  • License information
  • Privacy Statement
  • Terms & Conditions
ISO14001-EN

Contact with us

  • Contact
  • Newsletter
  • Media Contact
  • Careers
  • Security Response
  • Imprint
  • Grounding Page

Community

  • Community Portal
  • Community Forum
© Copyright - Greenbone AG 2020-2026
  • Link to LinkedIn
Link to: CVE-2026-48282: CVSS 10 Flaw in Adobe ColdFusion Is Actively Exploited and More Link to: CVE-2026-48282: CVSS 10 Flaw in Adobe ColdFusion Is Actively Exploited and More CVE-2026-48282: CVSS 10 Flaw in Adobe ColdFusion Is Actively Exploited and ...
Scroll to top Scroll to top Scroll to top
Contact
Request IT Security Contact Us Subscribe to Newsletter Follow on LinkedIn