AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

🔥 This vulnerability is being actively exploited in the wild (CISA Known Exploited Vulnerabilities catalog)

CVE-2024-57728: SimpleHelp Path Traversal Vulnerability

infovulnerability🔥 Actively Exploited

security

Source: CISA Known Exploited VulnerabilitiesApril 23, 2026CVE-2024-57728

Summary

SimpleHelp has a path traversal vulnerability (a flaw that lets attackers access files outside their intended directory) that allows admin users to upload malicious zip files and place arbitrary files anywhere on the server, potentially leading to arbitrary code execution (running commands the attacker chooses on the system). This vulnerability is currently being actively exploited by attackers.

Solution / Mitigation

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. See https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier for vendor-specific guidance.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 1.2%

Patch Available

Yes

Exploit Maturity

🔥 Actively Exploited

Disclosure Date

April 23, 2026

Classification

Attack SophisticationModerate

Taxonomy References

CWE (Weakness Type)

CWE-22

CAPEC (Attack Pattern)

CAPEC-126

Affected Vendors

Monthly digest — independent AI security research

Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-57728

First tracked: April 24, 2026 at 02:00 PM

Classified by LLM (prompt v3) · confidence: 95%