BleepingComputer • 1h
SimpleHelp Authentication Bypass CVE-2026-48558 Enables Rogue Administrator Creation
CVE-2026-48558 is a critical authentication bypass vulnerability in the SimpleHelp remote support platform that stems from improper OpenID Connect (OIDC) token validation. By exploiting flaws in the OIDC handshake, unauthenticated attackers can bypass security controls and create rogue technician accounts with full administrative privileges. This allows complete takeover of the SimpleHelp management server and subsequent unauthorized remote access to all managed endpoints. Active exploitation has been confirmed, and the vulnerability is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog; adversaries are using this vector to deploy Djinn Stealer malware across Windows and macOS environments for data exfiltration and lateral movement.