Beyondtrust Privileged Remote Access — known CVE vulnerabilities
Every CVE whose affected-product data names Beyondtrust Privileged Remote Access, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (11)
CVE-2026-40141 — CVSS 9.9 (critical): A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to…
CVE-2023-4310 — CVSS 9.8 (critical): BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 contain a command injection vulnerability…
CVE-2025-5309 — CVSS 9.8 (critical): The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection…
CVE-2026-40139 — CVSS 9.8 (critical): A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support. Improper processing of…
CVE-2026-40138 — CVSS 8.1 (high): A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote…
CVE-2025-0217 — CVSS 7.8 (high): BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated…
CVE-2023-23632 — CVSS 7.8 (high): BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit…
CVE-2026-40140 — CVSS 7.5 (high): BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network…