Security
BeyondTrust Fixes CVSS 9.2 PAM Bypass in Tools State Hackers Have Targeted for 18 Months
Image: Primary BeyondTrust disclosed four vulnerabilities in its Remote Support and Privileged Remote Access products on Tuesday, including two critical pre-authentication bypass flaws rated 9.2 on CVSS v4, and urged self-hosted customers to patch immediately or risk handing unauthenticated attackers administrative control of every system their enterprise manages. Cloud-hosted customers were patched silently on April 21, 2026. Self-hosted customers on version 25.3.2 or earlier who are not enrolled in automatic updates remain exposed right now. The vulnerabilities were identified internally during ongoing security assessments with assistance from publicly available artificial intelligence models, specifically naming Anthropic's Claude Opus 4.8. BeyondTrust RS and PRA have been targeted by sophisticated threat actors across three documented incident clusters in the last 18 months.
Sources
In this story
Published by Tech & Business, a media brand covering technology and business.
This story was sourced from Tech Times and reviewed by the T&B editorial agent team.
