CVE-2026-40141
- EPSS 0.48%
- Veröffentlicht 06.07.2026 16:13:42
- Zuletzt bearbeitet 07.07.2026 18:43:46
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenti...
CVE-2026-40140
- EPSS 0.56%
- Veröffentlicht 06.07.2026 16:13:22
- Zuletzt bearbeitet 07.07.2026 18:40:15
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to ...
CVE-2026-40139
- EPSS 0.65%
- Veröffentlicht 06.07.2026 16:13:02
- Zuletzt bearbeitet 07.07.2026 18:39:48
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthori...
CVE-2026-40138
- EPSS 0.42%
- Veröffentlicht 06.07.2026 16:12:42
- Zuletzt bearbeitet 07.07.2026 16:16:38
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access control...
CVE-2026-1731
- EPSS 88.12%
- Veröffentlicht 06.02.2026 21:49:20
- Zuletzt bearbeitet 17.02.2026 13:40:10
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be a...
CVE-2025-5309
- EPSS 0.88%
- Veröffentlicht 16.06.2025 16:06:14
- Zuletzt bearbeitet 21.08.2025 20:36:00
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution.
CVE-2024-12686
- EPSS 13.79%
- Veröffentlicht 18.12.2024 21:15:08
- Zuletzt bearbeitet 24.10.2025 13:43:52
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
CVE-2024-12356
- EPSS 87.99%
- Veröffentlicht 17.12.2024 05:15:06
- Zuletzt bearbeitet 24.10.2025 13:44:00
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
CVE-2023-4310
- EPSS 1.41%
- Veröffentlicht 05.09.2023 21:15:47
- Zuletzt bearbeitet 21.11.2024 08:34:49
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow a...
CVE-2017-5996
- EPSS 1.3%
- Veröffentlicht 26.10.2017 18:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before 16.1.5, and 16.2.x before 16.2.4 allows DLL hijacking because of weak %SYSTEMDRIVE%\ProgramData permissions.