Beyondtrust Privileged Remote Access
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Beyondtrust Privileged Remote Access.
By the Year
In 2026 there have been 4 vulnerabilities in Beyondtrust Privileged Remote Access. Last year, in 2025 Privileged Remote Access had 1 security vulnerability published. That is, 3 more vulnerabilities have already been reported in 2026 as compared to last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 0.00 |
| 2025 | 1 | 0.00 |
| 2024 | 2 | 8.20 |
| 2023 | 2 | 8.80 |
It may take a day or so for new Privileged Remote Access vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Beyondtrust Privileged Remote Access Security Vulnerabilities
BeyondTrust Remote Support: Pre-auth Network Comm Input Validation DOS
CVE-2026-40140
- July 06, 2026
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability.
Resource Exhaustion
Critical preauth bypass in BeyondTrust Remote Support auth subsystem
CVE-2026-40139
- July 06, 2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.
authentification
BeyondTrust Remote Access Auth Bypass (CVE-2026-40138)
CVE-2026-40138
- July 06, 2026
A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled
authentification
BeyondTrust RS Check: Pre-Auth RCE via Crafted Requests
CVE-2026-1731
- February 06, 2026
BeyondTrust Remote Support (RS) and certain older versions of Privileged Remote Access (PRA) contain a critical pre-authentication remote code execution vulnerability. By sending specially crafted requests, an unauthenticated remote attacker may be able to execute operating system commands in the context of the site user.
Shell injection
Auth Bypass in BeyondTrust PRA (<25.1) Allows Unauthorized ShellJump View
CVE-2025-0217
- May 05, 2025
BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session that was initiated with external tools, allowing unauthorized access to connected sessions.
authentification
Command Injection in Privileged Remote Access & Remote Support (PRA/RS)
CVE-2024-12686
6.6 - Medium
- December 18, 2024
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.
Shell injection
Unauthenticated Command Injection in PRA/RS Remote Access
CVE-2024-12356
9.8 - Critical
- December 17, 2024
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.
Command Injection
BeyondTrust PRA (22.2-22.4) Local Auth Bypass via BYOT Shell
CVE-2023-23632
7.8 - High
- October 12, 2023
BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.
authentification
BeyondTrust PRA/RS 23.2.123.2.2 Cmd Injection via HTTP
CVE-2023-4310
9.8 - Critical
- September 05, 2023
BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.
Command Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Beyondtrust Privileged Remote Access or by Beyondtrust? Click the Watch button to subscribe.