FILTERING BY: CLEAR FILTER

Critical Authentication Bypass in SimpleHelp RMM Leveraged for Djinn Stealer Deployment

CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software stemming from improper validation of OpenID Connect (OIDC) token signatures when group-authenticated login is enabled. Attackers exploit this flaw to forge identity tokens, bypass multi-factor authentication (MFA), and provision rogue technician-level administrator accounts. This unauthorized privileged access allows for the mass deployment of "Djinn Stealer," a cross-platform information stealer targeting Windows and macOS, across all managed endpoints. This creates a significant supply-chain risk for Managed Service Providers (MSPs) and their clients, enabling widespread credential theft and lateral movement.


LINK COPIED TO CLIPBOARD