๐ฅ This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)
CVE-2024-57726: SimpleHelp Missing Authorization Vulnerability
Summary
SimpleHelp has a missing authorization vulnerability (a flaw where the software fails to check if a user has permission to perform an action) that lets low-privileged technicians create API keys (credentials used by programs to access systems) with too many permissions, potentially allowing them to gain admin-level control. This vulnerability is actively being exploited by attackers in the wild.
Solution / Mitigation
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Vulnerability Details
EPSS: 0.3%
Yes
๐ฅ Actively Exploited
April 23, 2026
Classification
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-57726
First tracked: April 24, 2026 at 02:00 PM
Classified by LLM (prompt v3) ยท confidence: 95%