๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability
Summary
SimpleHelp has a critical authentication bypass vulnerability in its OIDC authentication flow (a system where login identity is verified through a trusted third party). Attackers can submit forged identity tokens without the system checking their cryptographic signature, allowing them to gain unauthorized access to technician accounts and potentially bypass multi-factor authentication (an extra security layer requiring multiple forms of proof). This vulnerability is currently being exploited by real attackers.
Solution / Mitigation
Apply mitigations in accordance with vendor instructions at https://simple-help.com/security/simplehelp-security-update-2026-05, ensuring compliance with CISA's BOD 26-04 guidance on prioritizing security updates. For cloud services, follow applicable BOD 26-04 guidance or discontinue use of the product if mitigations are unavailable. Stakeholders must evaluate each asset's internet exposure and ensure adherence to BOD 26-04 patching guidelines by the due date of 2026-07-02.
Vulnerability Details
EPSS: 0.7%
Yes
๐ฅ Actively Exploited
June 28, 2026
Classification
Taxonomy References
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-48558
First tracked: June 29, 2026 at 08:01 PM
Classified by LLM (prompt v3) ยท confidence: 95%