BeyondTrust fixes pre-auth auth bypass bugs in Remote Support and PRA
Source headline: BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA
Intelligence Summary
BeyondTrust has released security updates to remediate two critical authentication bypass vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products. The most severe issue, CVE-2026-40138, is a pre-authentication flaw that could let an unauthenticated attacker take control of affected devices. The patches are intended to close the logic that allows bypassing authentication checks. Organizations using RS or PRA should review their deployments and apply the vendor updates as soon as possible. Until patched, systems may remain exposed to remote takeover attempts.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.