Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Emerging Threat: (CVE-2026-40138 & CVE-2026-40139) BeyondTrust Remote Support Authentication Bypass

CVE-2026-40138 and CVE-2026-40139 are two pre-authentication vulnerabilities in the authentication subsystem of BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA), stemming from improper validation and processing of authentication data. Both carry a CVSS v3.1 base score of 9.2 (Critical).

Emerging Threat: (CVE-2026-57517) Control Web Panel Remote Code Execution via SQL Injection

CVE-2026-57517 is a blind SQL injection vulnerability in Control Web Panel (CWP), caused by insufficient sanitization of the userRes POST parameter submitted to the panel’s user endpoint before the value is used to build a SQL query. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical).

Emerging Threat: (CVE-2026-55957) Apache Tomcat Authentication Bypass via JNDIRealm GSSAPI Binds

CVE-2026-55957 is a missing critical step in authentication in Apache Tomcat, present when the JNDIRealm is configured to authenticate binds using GSSAPI. The vulnerability carries a CVSS v3.1 base score of 9.8 (Critical), based on network attack vector, low attack complexity, no privileges required, and no user interaction.