BEYONDTRUST has disclosed multiple critical pre-authentication vulnerabilities affecting its Remote Support and Privileged Remote Access products, specifically CVE-2026-40138 and CVE-2026-40139, both with a CVSS score of 9.2. These vulnerabilities allow attackers to bypass access controls and gain unauthorized access. No confirmed exploitation has been reported yet, and patches are available. System administrators are advised to update to versions 26.2.1 or 25.3.3 immediately.
The vulnerabilities stem from improper authentication validation and insufficient input validation. High-severity issues also include CVE-2026-40140 and CVE-2026-40141. Affected versions are 25.3.2 and lower.