# BeyondTrust Fixes CVSS 9.2 PAM Bypass in Tools State Hackers Have Targeted for 18 Months

_Monday, July 13, 2026 at 8:00 AM EDT · Security · Latest · Tier 2 — Notable_

![BeyondTrust Fixes CVSS 9.2 PAM Bypass in Tools State Hackers Have Targeted for 18 Months — Primary](https://d.techtimes.com/en/full/468215/beyondtrust.png)

**Implication:** Organizations using BeyondTrust Remote Support or Privileged Remote Access must patch immediately to prevent unauthenticated attackers from gaining administrative control.

BeyondTrust disclosed four vulnerabilities in its Remote Support and Privileged Remote Access products on Tuesday, including two critical pre-authentication bypass flaws rated 9.2 on CVSS v4, and urged self-hosted customers to patch immediately or risk handing unauthenticated attackers administrative control of every system their enterprise manages. Cloud-hosted customers were patched silently on April 21, 2026. Self-hosted customers on version 25.3.2 or earlier who are not enrolled in automatic updates remain exposed right now. The vulnerabilities were identified internally during ongoing security assessments with assistance from publicly available artificial intelligence models, specifically naming Anthropic's Claude Opus 4.8. BeyondTrust RS and PRA have been targeted by sophisticated threat actors across three documented incident clusters in the last 18 months.

## Sources

- [Tech Times](https://www.techtimes.com/articles/319870/20260707/beyondtrust-fixes-cvss-92-pam-bypass-tools-state-hackers-have-targeted-18-months.htm)

---
Canonical: https://techandbusiness.org/newswire/h3sCa6C3k7Vs6HzjvdLUCh
Retrieved: 2026-07-13T15:29:27.516Z
Publisher: Tech & Business (techandbusiness.org)
