BeyondTrust patches critical auth bypass flaws in remote access tools used by healthcare

BeyondTrust has patched critical auth bypass flaws in Remote Support and PRA products widely used in healthcare for clinical IT and medical device access.

MRAdmin
By
2 Min Read

BeyondTrust has released emergency updates addressing multiple critical vulnerabilities in its Remote Support (RS) and Privileged Remote Access (PRA) products, including flaws that could allow unauthenticated attackers to bypass access controls and take control of affected appliances. The vulnerabilities, discovered through internal security assessments using AI-assisted tooling, affect configurations widely deployed in healthcare environments for remote IT support and privileged access management.

Vulnerability details

Three critical CVEs were disclosed: CVE-2026-40138 and CVE-2026-40139 are unauthenticated auth bypass flaws in specific configuration scenarios. CVE-2026-40141 allows authenticated users to escalate privileges and impact system integrity under specific configurations. Additional medium-severity flaws (CVE-2026-40140, CVE-2026-1731) could enable service disruption and unintended data access.

The most severe vulnerabilities may allow an unauthenticated remote attacker to bypass access controls and gain unauthorized access to the appliance. This is particularly dangerous in healthcare settings where BeyondTrust Remote Support is used for IT help desk access to clinical workstations, EHR systems, and medical devices.

Healthcare impact

Hospitals and health systems are among the largest users of BeyondTrust remote access products for managing clinical IT environments. A compromised BeyondTrust appliance could give an attacker direct access to systems handling PHI, including EHR databases, imaging systems, and connected medical devices. Many healthcare organizations rely on BeyondTrust for third-party vendor remote access to medical equipment, amplifying the supply chain risk.

BeyondTrust has released patched versions. Healthcare organizations using RS or PRA should prioritize this update given the unauthenticated remote exploitation vector and the sensitivity of systems accessed through these gateways.

Share This Article
Leave a Comment

Leave a Reply

Your email address will not be published. Required fields are marked *