BeyondTrust Security Updates – 07 July 2026

BeyondTrust has released security updates to address vulnerabilities affecting Remote Support (RS), Privileged Remote Access (PRA), and Privilege Management for Windows.

The addressed vulnerabilities could allow the attacker to bypass security restrictions, conduct denial of service attacks, or execute arbitrary code and gain access to the affected product.

Sample of the addressed vulnerabilities:

1. BeyondTrust Improper Neutralization of Special Elements Used in an OS Command Vulnerability (CVE-2026-1731):

  • CVSS 4.0: 9.9
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Gain Access

2. BeyondTrust Uncontrolled Resource Consumption Vulnerability (CVE-2026- 40140):

  • CVSS 4.0: 8.7
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Denial of Service

It should be highlighted that security researchers publicly disclosed a proof-ofconcept (PoC) for the vulnerability “CVE-2026-1731” that exists in the wild.

Vulnerabilities
  • CVE-2026-1232
  • CVE-2026-1731
  • CVE-2026-40138
  • CVE-2026-40139
  • CVE-2026-40140
  • CVE-2026-40141
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

BeyondTrust Security Advisory

References