Back to overview

CVE-2026-40140

HIGH
8.7
CVSS 4.0
Description
BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability.

Metadata

CVE ID
CVE-2026-40140
State
PUBLISHED
Assigner
BT
Reserved
2026-04-09 18:36 UTC
Published
2026-07-06 16:13 UTC
Last updated
2026-07-06 18:55 UTC
Primary CWE
CWE-400
CWE-400 Uncontrolled Resource Consumption
Vendor / Product
BeyondTrust / Remote Support
Sources
cve.org  ·  NVD

Severity & Metrics

8.7 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
BeyondTrust Privileged Remote Access 0 < 26.2.1, 0 < 25.3.3
BeyondTrust Remote Support 0 < 26.2.1, 0 < 25.3.3
Weakness (CWE)
CWESourceDescription
CWE-400 cna CWE-400 Uncontrolled Resource Consumption
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Back to overview