Critical BeyondTrust Authentication Flaws Expose Remote Support Appliances to Attacks
ID: 271c5385-079a-574e-94b6-cae1c5eb149d
STIX ID: report--271c5385-079a-574e-94b6-cae1c5eb149d
Feed Name: GBHackers
BeyondTrust disclosed multiple critical and high-severity vulnerabilities in its Remote Support and Privileged Remote Access appliances (CVE-2026-40138–40141, up to CVSS 9.2). The most severe issues allow unauthenticated attackers to bypass authentication and potentially gain full appliance access, with additional flaws enabling denial-of-service and unauthorized data access; cloud customers were auto-patched on April 21, 2026, but self-hosted systems must be updated to 25.3.3 or apply the April 2026 security rollup—organizations should prioritize patching internet-facing appliances and reviewing authentication configurations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
