Back to overview

CVE-2026-40141

HIGH
8.5
CVSS 4.0
Description
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to access unintended resources or data beyond their authorization scope. Exploitation is restricted to accounts with specific permissions.

Metadata

CVE ID
CVE-2026-40141
State
PUBLISHED
Assigner
BT
Reserved
2026-04-09 18:36 UTC
Published
2026-07-06 16:13 UTC
Last updated
2026-07-06 18:56 UTC
Primary CWE
CWE-943
CWE-943 Improper Neutralization of Special Elements in Data …
Vendor / Product
BeyondTrust / Remote Support
Sources
cve.org  ·  NVD

Severity & Metrics

8.5 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
partial
Affected products (2)
VendorProductPlatformVersions
BeyondTrust Privilege Remote Access 0 < 26.2.1, 0 < 25.3.3
BeyondTrust Remote Support 0 < 26.2.1, 0 < 25.3.3
Weakness (CWE)
CWESourceDescription
CWE-943 cna CWE-943 Improper Neutralization of Special Elements in Data Query Logic
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.5 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H
Back to overview