BeyondTrust Remote Support and Privileged Remote Access critical fixes
Security Patch Release
Summary
Hide ▲
Show ▼
BeyondTrust released RS 25.3.3 and PRA 25.3.3 to fix four critical vulnerabilities in its remote-access appliances, including pre-authentication access-control bypass issues that could let unauthenticated attackers gain unauthorized access. The patch bundle also addresses a denial-of-service flaw and a limited-privilege authorization bypass issue affecting susceptible deployments.
Related Happenings
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
H score62
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch ReleaseAbout this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Storm-1175 high-tempo Medusa ransomware campaign
Campaign
H score59
First: 07.04.2026 13:02
Last: 07.04.2026 13:02
Sources 1
About this happening:
**Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...
Storm-1175 high-tempo Medusa ransomware campaign
CampaignAbout this happening: **Storm-1175** is running a **high-tempo Medusa ransomware campaign** that has repeatedly exploited **n-day and zero-day flaws** to gain initial access before patching closes the...
Storm-1175 high-velocity zero-day and N-day intrusion campaign
Campaign
H score44
First: 07.04.2026 09:35
Last: 07.04.2026 09:35
Sources 1
About this happening:
**Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...
Storm-1175 high-velocity zero-day and N-day intrusion campaign
CampaignAbout this happening: **Storm-1175** is running a **high-velocity intrusion campaign** that chains **zero-day** and **N-day vulnerabilities** to gain initial access to exposed systems, raising the risk...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/Mitigation
H score46
First: 20.02.2026 19:02
Last: 20.02.2026 19:02
Sources 1
About this happening:
CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA KEV mitigation for BeyondTrust CVE-2026-1731
Advisory/MitigationAbout this happening: CISA ordered urgent **KEV** mitigation for **CVE-2026-1731** in **BeyondTrust Remote Support** and **Privileged Remote Access**, forcing affected federal deployments to **apply th...
CISA updates KEV entry for CVE-2026-1731
Public Sector Action
H score36
First: 20.02.2026 17:45
Last: 20.02.2026 17:45
Sources 1
About this happening:
**CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
CISA updates KEV entry for CVE-2026-1731
Public Sector ActionAbout this happening: **CISA** updated its **KEV catalog** entry for **CVE-2026-1731**, confirming the flaw has been used in **ransomware campaigns** and elevating its government-tracked risk. The upda...
Timeline
-
07.07.2026 08:16 2 articles · 2d ago
BeyondTrust patches Remote Support and Privileged Remote Access critical flaws
Mitigation Patch UpdateBeyondTrust released updates for Remote Support RS and Privileged Remote Access PRA to fix four critical vulnerabilities, including CVE-2026-40138 and CVE-2026-40139 pre-authentication access-control bypass issues, CVE-2026-40140 for denial of service, and CVE-2026-40141 for unintended data or resource access. The fixes apply to RS 25.3.2 or lower and PRA 25.3.2 or lower, with remediation available in RS 25.3.3 and PRA 25.3.3; BeyondTrust said it identified the issues internally with assistance from Anthropic Claude Opus 4.8 and proprietary research tooling and did not mention in-the-wild exploitation.
Show sources
- BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA — thehackernews.com — 07.07.2026 08:16
- BeyondTrust Patches Critical Auth Bypass Flaws in Remote Support and PRA — thehackernews.com — 07.07.2026 08:16