Remote Support Beyondtrust Remote Support

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in Beyondtrust Remote Support.

By the Year

In 2026 there have been 4 vulnerabilities in Beyondtrust Remote Support. Remote Support did not have any published security vulnerabilities last year. That is, 4 more vulnerabilities have already been reported in 2026 as compared to last year.

Year Vulnerabilities Average Score
2026 4 0.00
2025 0 0.00
2024 2 8.20
2023 1 9.80

It may take a day or so for new Remote Support vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Beyondtrust Remote Support Security Vulnerabilities

High-Severity Auth Bypass in BeyondTrust Remote Support Web Component
CVE-2026-40141 - July 06, 2026

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.

Improper Neutralization of Special Elements in Data Query Logic

BeyondTrust Remote Support: Pre-auth Network Comm Input Validation DOS
CVE-2026-40140 - July 06, 2026

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability.

Resource Exhaustion

Critical preauth bypass in BeyondTrust Remote Support auth subsystem
CVE-2026-40139 - July 06, 2026

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of authentication requests may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled.

authentification

BeyondTrust Remote Access Auth Bypass (CVE-2026-40138)
CVE-2026-40138 - July 06, 2026

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance, including accounts with elevated privileges. Exploitation requires a specific authentication configuration to be enabled

authentification

Command Injection in Privileged Remote Access & Remote Support (PRA/RS)
CVE-2024-12686 6.6 - Medium - December 18, 2024

A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user.

Shell injection

Unauthenticated Command Injection in PRA/RS Remote Access
CVE-2024-12356 9.8 - Critical - December 17, 2024

A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

Command Injection

BeyondTrust PRA/RS 23.2.123.2.2 Cmd Injection via HTTP
CVE-2023-4310 9.8 - Critical - September 05, 2023

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability which can be exploited through a malicious HTTP request. Successful exploitation of this vulnerability can allow an unauthenticated remote attacker to execute underlying operating system commands within the context of the site user. This issue is fixed in version 23.2.3.

Command Injection

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Beyondtrust Remote Support or by Beyondtrust? Click the Watch button to subscribe.

Beyondtrust
Vendor

subscribe