PatchSiren cyber security CVE debrief
CVE-2026-40140 BeyondTrust CVE debrief
CVE-2026-40140 is a high-severity pre-authentication vulnerability in BeyondTrust Remote Support and Privileged Remote Access. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting appliance availability. This vulnerability exists in the network communication subsystem. Organizations should prioritize patching to prevent potential denial-of-service attacks.
- Vendor
- BeyondTrust
- Product
- Remote Support
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-06
- Original CVE updated
- 2026-07-07
- Advisory published
- 2026-07-06
- Advisory updated
- 2026-07-07
Who should care
Organizations using BeyondTrust Remote Support and Privileged Remote Access should prioritize patching to prevent potential denial-of-service attacks. Security teams and vulnerability management teams should review the CVE record and NVD entry for further information.
Technical summary
The vulnerability exists in the network communication subsystem of BeyondTrust Remote Support and Privileged Remote Access. A remote attacker can exploit this vulnerability to trigger a denial-of-service condition due to insufficient validation of client-supplied input. The vulnerability has a CVSS score of 8.7 and is classified as HIGH severity. Organizations using these products should prioritize patching to prevent potential denial-of-service attacks. Security teams should review CVE and NVD records for further information and verify affected product deployments exist in managed environments.
Defensive priority
High
Recommended defensive actions
- Apply patches or updates provided by BeyondTrust to address the vulnerability
- Implement compensating controls to detect and prevent potential denial-of-service attacks
- Monitor system logs for suspicious activity
- Conduct regular vulnerability assessments and penetration testing
- Restrict access to sensitive systems and data
- Review CVE record and NVD entry for further information
- Verify affected product deployments exist in managed environments
Evidence notes
The CVE record was published on 2026-07-06T17:16:31.030Z and was last modified on 2026-07-07T18:40:15.720Z. The NVD entry is currently Analyzed. The vulnerability affects BeyondTrust Remote Support and Privileged Remote Access. Evidence is limited to public CVE and NVD information.
Official resources
-
CVE-2026-40140 CVE record
CVE.org
-
CVE-2026-40140 NVD detail
NVD
-
Source item URL
nvd_modified
-
Mitigation or vendor reference
13061848-ea10-403d-bd75-c83a022c2891 - Vendor Advisory
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-06T17:16:31.030Z and has not been modified since then. The NVD entry is currently Analyzed.