CVE-2026-40141 is a high-severity vulnerability in a web application component of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is caused by insufficient validation of certain user-supplied input parameters. According to the provided content, an authenticated attacker with limited privileges, but possessing specific permissions, may be able to manipulate input in a way that allows access to unintended resources or data outside the attacker’s intended authorization scope. The issue affects RS and PRA versions 25.3.2 and earlier and is fixed in version 25.3.3 and later, as well as by the April 2026 Security Rollup for supported branches.
Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.
What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.
What an attacker gets, and what they’ve been doing with it.
If you can’t patch tonight, do this now.
Patch, then assume compromise.
No public exploits tracked yet. Mallory keeps watching.
No public exploit code observed for this vulnerability.
Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.
Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
12 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
An authorization bypass vulnerability in a BeyondTrust web application component that allows authenticated users with limited privileges to access resources or data beyond their authorization scope.
A high-severity authorization flaw in a web application component of BeyondTrust RS/PRA that could let an authenticated low-privilege attacker access data or resources outside their intended permissions.
A high-severity improper input validation vulnerability in a web application component of affected BeyondTrust products that could allow authenticated low-privilege users to access unintended resources.
A web application authorization flaw in BeyondTrust Remote Support and Privileged Remote Access that could allow a limited authenticated user to access unintended resources or data beyond their authorization scope.
Query your assets running an affected version, and investigate the blast radius.
Every observed campaign linking this CVE to a named adversary.
Malware families riding this exploit, with evidence and IOCs.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Cross-references every affected SKU, including bundled OEM variants.
Community discussion across Reddit, Mastodon, and other social sources.