9.8
CVE-2026-40139
- EPSS 0.65%
- Veröffentlicht 06.07.2026 16:13:02
- Zuletzt bearbeitet 07.07.2026 18:39:48
- Quelle 13061848-ea10-403d-bd75-c83a02
- CVE-Watchlists
- Unerledigt
Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Beyondtrust ≫ Privileged Remote Access Version < 25.3.3
Beyondtrust ≫ Remote Support Version < 25.3.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.468 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 13061848-ea10-403d-bd75-c83a022c2891 | 9.2 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://www.beyondtrust.com/trust-center/security-advisories/bt26-03