

On 7 July 2026, BeyondTrust published patches for four vulnerabilities across its Remote Support and Privileged Remote Access products. Two of those vulnerabilities carry a CVSS score of 9.2. Both allow an unauthenticated attacker to bypass authentication entirely and gain access to accounts with elevated privileges. Neither has been exploited in the wild, as far as BeyondTrust has confirmed. But the history of BeyondTrust's own products tells a cautionary story about the window between disclosure and active exploitation: previous critical flaws in the same product line drew attackers within days of becoming public knowledge.
The four vulnerabilities are tracked as CVE-2026-40138, CVE-2026-40139, CVE-2026-40140, and CVE-2026-40141. All four were identified internally by BeyondTrust, with assistance from publicly available AI models including Anthropic Claude Opus 4.8 and the company's own proprietary research tooling.
CVE-2026-40138 is the most severe. It is a pre-authentication vulnerability in the authentication subsystem of both Remote Support and Privileged Remote Access, stemming from improper validation of authentication data. An unauthenticated attacker positioned on the network can exploit it to bypass access controls and gain unauthorised access to the appliance, including accounts with elevated privileges. CVSS score: 9.2. The vulnerability activates only when a specific authentication configuration is enabled on the appliance. BeyondTrust has not disclosed which configuration option triggers it, which means organisations cannot determine their exposure by inspection alone without consulting BeyondTrust's guidance directly.
CVE-2026-40139 is equally severe on paper: also CVSS 9.2, also pre-authentication, also yielding unauthorised access including elevated-privilege accounts. It affects Remote Support only (not PRA) and stems from improper processing of authentication requests rather than improper validation. The distinction between the two 9.2 flaws matters for exploitation: they are separate code paths, meaning patching one does not address the other. Both require the same specific authentication configuration to be enabled, which is a shared constraint that limits the population of directly exploitable instances.
CVE-2026-40140 scores 8.7 and affects both products. It is also pre-authentication, sitting in the network communication subsystem. Insufficient validation of client-supplied input allows an unauthenticated remote attacker to trigger a denial-of-service condition. This is the least critical of the four in terms of attacker value: disrupting availability is useful for an attacker who wants to mask other activity or force a failover to a less-monitored system, but it does not directly yield access.
CVE-2026-40141 scores 8.5 and requires authentication, making it lower priority for initial access scenarios. An authenticated attacker with limited privileges can access unintended resources or data beyond their authorisation scope, through a web application component that fails to adequately validate user-supplied input. Exploitation is further constrained to accounts with specific permissions. This is an internal privilege escalation concern rather than a perimeter threat.
The reason the 9.2 scores on CVE-2026-40138 and CVE-2026-40139 deserve immediate attention from patch management teams, even absent confirmed in-the-wild exploitation, is the history of how the same product line has been treated by attackers in previous disclosure cycles.
CVE-2024-12356, a critical command injection flaw in BeyondTrust Remote Support, was added to CISA's Known Exploited Vulnerabilities catalogue after active exploitation was confirmed. In the same product, CVE-2026-1731 was subsequently exploited to deploy web shells and backdoors into compromised environments. In both cases, the gap between disclosure and observed exploitation was measured in days, not weeks. Organisations that were still on the pre-patch version when exploitation reached them found themselves dealing not just with a vulnerable appliance but with implants already installed that persisted after patching.
BeyondTrust products sit in a particularly sensitive position in enterprise security architecture. Remote Support and Privileged Remote Access are designed to provide authorised access to endpoints across an organisation's network, frequently including systems that hold sensitive data or that can reach production infrastructure. An attacker who compromises a BeyondTrust appliance does not just gain access to the appliance. They gain access to everything the appliance is authorised to reach, which in a well-deployed BeyondTrust environment is a significant portion of the network.
BeyondTrust's disclosure that Claude Opus 4.8 assisted in finding these four vulnerabilities as part of its internal security assessment programme is notable. It is one of the first major enterprise software vendors to publicly credit an AI model by name in a security advisory for a set of critical findings. The disclosure is a signal about how internal security teams are changing their approach to pre-release code review and ongoing product auditing.
From an attacker's perspective, the same tools are available. AI-assisted vulnerability research is not a capability restricted to vendors and their security teams. Researchers and attackers who use the same models against the same codebases can find the same classes of bugs. The implication is not that AI-assisted discovery is dangerous in itself, but that the productivity gains it offers accrue to everyone: defenders find vulnerabilities faster, but so do attackers who are working against the unpatched versions.
For security teams managing BeyondTrust deployments, the relevance of this point is specific: if BeyondTrust's internal team used AI assistance to find four vulnerabilities in one assessment cycle, there is a reasonable expectation that external researchers and adversaries with access to similar tools are performing similar sweeps. The period between this disclosure and the next patch cycle is a window during which that external discovery work may already be in progress.
The fix for all four vulnerabilities is contained in Remote Support version 25.3.3 and Privileged Remote Access version 25.3.3. Any installation running RS 25.3.2 or lower, or PRA 25.3.2 or lower, is affected. BeyondTrust provides update channels for both cloud-hosted and on-premises deployments; the relevant guidance for each deployment type is in BeyondTrust's security advisory.
For organisations that cannot patch immediately, the most relevant mitigating factor is the authentication configuration constraint on CVE-2026-40138 and CVE-2026-40139. Both require a specific non-default authentication configuration to be enabled. Organisations that use standard local authentication or standard LDAP/SAML configurations that do not match the affected setting may not be directly exposed to the two highest-severity flaws. However, BeyondTrust has not specified which configuration triggers the vulnerability, so organisations should treat this as a reason to patch promptly rather than a definitive reason to deprioritise.
CVE-2026-40140, the denial-of-service vulnerability, is pre-authentication and does not depend on any specific configuration. Any exposed BeyondTrust appliance on a version prior to 25.3.3 can be disrupted by an unauthenticated attacker. In environments where BeyondTrust availability is critical to incident response and system maintenance workflows, even a disruption-only vulnerability deserves priority treatment.
BeyondTrust, CyberArk, Delinea, and their counterparts occupy a specific niche in enterprise security: they are the tools that manage and broker access to everything else. An attacker who compromises a PAM platform gains not just access to the PAM system itself but a position inside the access control infrastructure that manages privileged accounts across the environment. Session recordings, vault contents, just-in-time access grants, and the audit trail for privileged operations are all accessible from that position.
This makes PAM appliances high-value targets for sophisticated attackers, particularly those conducting long-duration intrusions focused on data collection rather than immediate disruption. A persistent implant on a BeyondTrust appliance allows an attacker to intercept privileged sessions, harvest credentials as they are rotated, and observe the internal network from a position that defenders rarely monitor as closely as they monitor endpoints and servers. The audit logs generated by a compromised PAM platform are also the most likely mechanism by which an attacker's activity would be discovered, meaning that an attacker with administrative access to the appliance can suppress their own audit trail.
Security teams that manage BeyondTrust or equivalent products should treat the patching of CVE-2026-40138 and CVE-2026-40139 as time-sensitive. The combination of CVSS 9.2, pre-authentication bypass, and a product with a documented prior exploitation history is exactly the profile that draws rapid attacker interest after a public advisory.
The structure of a security advisory, the CVE IDs, the CVSS scores, the affected versions, the fixed versions, contains more operational intelligence than most patch management processes extract from it. The gap between BeyondTrust RS 25.3.2 and RS 25.3.3 is not just a version number difference. It is the line between an environment with a CVSS 9.2 pre-authentication bypass and one without. Reading that gap correctly requires not just knowing that a patch exists but understanding which environments are affected, what conditions need to be met for exploitation, and what the realistic attacker timeline looks like given the product's prior exploitation history.
For CVE-2026-40138 and CVE-2026-40139 specifically, the authentication configuration constraint is an important factor that BeyondTrust's advisory acknowledges but does not fully specify. Security teams that manage BeyondTrust deployments should contact BeyondTrust support directly to determine whether their specific authentication configuration is the one that enables the vulnerable code path. This is a case where the advisory alone does not give a defender enough information to make a confident risk determination without vendor input.
The strategic value of a compromised PAM system to a nation-state or sophisticated criminal actor extends beyond the immediate access it provides. PAM platforms are the custodians of the audit trail for privileged operations. They record who accessed which system, when, and what they did. An attacker with administrative access to a BeyondTrust appliance can read those records, identifying the most sensitive systems in the environment by observing which ones are accessed most frequently by privileged accounts. They can also suppress their own audit entries, erasing the trail of their own activity before it reaches the SIEM.
In incident response investigations following BeyondTrust compromises linked to CVE-2024-12356 and CVE-2026-1731, forensic teams reported finding web shells in web-accessible directories of the BeyondTrust appliance itself. These shells persisted after the initial vulnerability was patched, because patching a vulnerability does not remove implants that were deployed through it. Any environment that was running an unpatched BeyondTrust version during the window between disclosure and patching for the previous high-severity flaws, and that did not subsequently conduct a full compromise assessment of the appliance, may still have persistent access installed that predates this advisory cycle.
The combination of CVSS 9.2 scores, a product with a documented prior exploitation pattern, and the short timelines between disclosure and active attacks in previous BeyondTrust vulnerability cycles is precisely the risk profile that justifies treating this patch as a top-priority deployment rather than a scheduled maintenance item. BeyondTrust's update deployment process for both cloud and on-premises instances is documented in the advisory; the relevant action is to complete it before the end of the current business day.
Understanding the specific risk that CVE-2026-40138 and CVE-2026-40139 represent requires understanding where BeyondTrust sits in the security architectures of the organisations that deploy it. BeyondTrust Remote Support is a session brokering platform: it allows authorised support agents to connect to end-user devices and servers without requiring those devices to have inbound ports open. The connection is established outbound from the managed device to the BeyondTrust appliance, and the support agent connects to the appliance to interact with the session. This architecture means the BeyondTrust appliance sits at the intersection of every remote support session in the environment.
Privileged Remote Access takes this a step further. PRA is designed specifically for privileged accounts: system administrators, database administrators, DevOps teams, and anyone else who needs authenticated access to systems that hold sensitive data or control production infrastructure. PRA logs every command entered during a privileged session, records screen activity, and maintains an audit trail that serves as the source of truth for what privileged users did and when. In a regulated environment, PRA's audit trail may be the mechanism by which an organisation demonstrates compliance with privileged access management requirements to auditors.
An attacker who gains administrative access to a BeyondTrust PRA appliance through CVE-2026-40138 or CVE-2026-40139 does not just acquire a foothold in the security infrastructure. They acquire the ability to read every in-progress privileged session in real time, inject commands into sessions, extract the credentials or tokens that authorised users are entering, purge or modify the audit trail to hide their own activity and the activity of any malicious commands they execute, and enumerate every system reachable through the appliance along with the credential sets configured to access each one.
When a single vendor advisory covers four vulnerabilities with a range of CVSS scores, the practical challenge for security teams is prioritisation, particularly in environments where a maintenance window must be scheduled and cannot happen immediately. For the four BeyondTrust vulnerabilities, the prioritisation is relatively clear, though nuanced.
CVE-2026-40138 and CVE-2026-40139, both at CVSS 9.2 and both pre-authentication, are the critical priority. They require only network access to the BeyondTrust appliance and the presence of a specific authentication configuration. The remediation for both is contained in the same patch, RS and PRA version 25.3.3, so addressing them together in a single maintenance window is straightforward. These two vulnerabilities represent the most plausible path to complete appliance compromise without any credentials.
CVE-2026-40140, the denial-of-service vulnerability at CVSS 8.7, is pre-authentication and therefore reachable by any attacker who can reach the appliance. It does not directly yield access, but availability disruption of a BeyondTrust appliance affects every team that depends on it for system maintenance and incident response. In many environments, losing access to BeyondTrust during an ongoing security incident would materially hamper the response. This makes it operationally significant even if its CVSS score is lower than the access-granting flaws.
CVE-2026-40141, at CVSS 8.5 and requiring authentication plus specific permissions, represents a post-authentication privilege escalation concern. It is lower priority for immediate patching because it requires an attacker to already hold a valid account. However, in environments where contractor accounts, vendor accounts, or user accounts with limited permissions have access to the BeyondTrust appliance, this vulnerability represents a path from limited access to broader data access that should not be overlooked once the critical priority patches are deployed.
If an organisation's BeyondTrust appliance was running a version prior to 25.3.3 during the window since this advisory's publication and cannot rule out that it was targeted, the first step is forensic preservation, not patching. Patching changes the system state and may overwrite forensic evidence. The forensic process for a potentially compromised BeyondTrust appliance should capture the current state of the web application's file system, looking specifically for web shells or unusual files in web-accessible directories, review the web server access logs for requests that match the patterns associated with CVE-2026-40138 and CVE-2026-40139 exploitation, examine the BeyondTrust audit database for any sessions or administrative actions performed by accounts that should not have been able to authenticate, and check for any new administrative accounts that may have been created.
BeyondTrust's previous exploitation history with CVE-2024-12356 and CVE-2026-1731 established that attackers who successfully exploited BeyondTrust vulnerabilities used the access to deploy web shells that persisted after patching. Any compromise assessment should specifically include a search for files with web shell characteristics across all web-accessible directories of the appliance, including subdirectories that may not be part of the standard application file tree.
Confirming the current version of a BeyondTrust Remote Support or Privileged Remote Access deployment is the prerequisite for any patching decision. The version is visible in the appliance's administrative interface under the status or about section. Cloud-hosted BeyondTrust deployments managed directly by BeyondTrust receive automatic updates on a schedule the vendor controls; on-premises deployments require manual update initiation by the deploying organisation. For on-premises deployments, the update package for RS and PRA 25.3.3 is available through BeyondTrust's support portal, and the update procedure is documented in the release notes accompanying the advisory.
Organisations that run multiple BeyondTrust appliances, a common pattern in large enterprises with regional or functional segmentation, should verify each appliance individually rather than assuming uniform version deployment. Appliances that were not included in the most recent maintenance cycle may be running older versions that require update. The patching priority for any appliance with an externally accessible management interface is higher than for those accessible only from internal networks, because the pre-authentication nature of CVE-2026-40138 and CVE-2026-40139 means that any network path to the appliance's authentication endpoint is a potential exploitation path.
Unpatched routers, exposed privileged access management portals, and web application servers running outdated software all represent footprints your organisation may not know it has. Defendis continuously monitors the attack surface visible from the outside: exposed services, leaked credentials, and chatter in underground markets where initial access to specific organisations is traded. When a new critical vulnerability lands against software your organisation runs, or when credentials from your domain appear in a stealer log, your team gets the signal before an attacker acts on it. See how early exposure detection changes incident outcomes, or request a tailored briefing for your organisation.