
SimpleHelp RMM Authentication Bypass CVE-2026-48558 and Djinn Stealer Deployment

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software resulting from improper OpenID Connect (OIDC) token signature validation. Attackers leveraging group-authenticated login settings can forge identity tokens to bypass Multi-Factor Authentication (MFA) and escalate to technician-level privileges. This flaw allows the creation of rogue administrator accounts for persistence and the deployment of Djinn Stealer, a cross-platform information stealer targeting Windows and macOS. Successful exploitation leads to the complete compromise of the RMM server and all managed endpoints, facilitating large-scale credential theft and lateral movement across the victim's infrastructure.

