SB2026063056 - Authentication bypass in SimpleHelp
Published: June 30, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Improper authentication (CVE-ID: CVE-2026-48558)
CWE-ID: CWE-287 - Improper Authentication
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to bypass authentication and create a new technician account.
The vulnerability exists due to improper validation of OIDC assertions when processing OIDC-based logins. A remote attacker can submit forged identity provider assertions to create, and authenticate as, a new technician user, bypassing authentication entirely.
The issue affects deployments with at least one configured OIDC authentication provider, an associated TechnicianGroup, and the "Allow group authenticated logins" setting enabled. Even when MFA is enforced for technicians, first-login self-registration of MFA can allow that protection to be bypassed.
Note: the vulnerability is being actively exploited in the wild.
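The following is an added example, not SimpleHelp's code and not taken from this bulletin or its references. It sketches the checks a technician-login path has to apply to an identity provider assertion before the assertion is trusted, and models the "Allow group authenticated logins" auto-provisioning behaviour as a flag so that a forged assertion is refused before any account is created. It assumes an HMAC-signed JWT-shaped token as a stand-in for the IdP's signature (real OIDC ID tokens are normally RS256-signed and verified against the IdP's published JWKS); the key, issuer, audience, claim values and the `TechnicianDirectory` class are all constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for this example only; not SimpleHelp's real configuration.
IDP_KEY = b"constructed-idp-signing-key"        # stands in for the IdP's signing key
EXPECTED_ISSUER = "https://idp.example.test"    # hypothetical OIDC provider
EXPECTED_AUDIENCE = "simplehelp-client-id"      # hypothetical client_id registered at the IdP


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a JWT-shaped ID token; used here only to construct sample input."""
    header = {"alg": alg, "typ": "JWT"}
    signing_input = (_b64url_encode(json.dumps(header).encode()) + "."
                     + _b64url_encode(json.dumps(claims).encode()))
    if alg == "none":                      # an unsigned token, for the negative test
        return signing_input + "."
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_id_token(token: str, key: bytes, expected_nonce: str, now=None):
    """Return (ok, reason, claims). Claims are trusted only if every check passes."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed token", None
    header_b64, claims_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):
        return False, "malformed token", None
    # Pin the algorithm: the token must never get to choose it ("none", or a mismatched alg).
    if header.get("alg") != "HS256":
        return False, "unexpected alg", None
    expected_sig = hmac.new(key, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return False, "bad signature", None
    claims = json.loads(_b64url_decode(claims_b64))
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "wrong issuer", None
    aud = claims.get("aud")
    if EXPECTED_AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        return False, "wrong audience", None
    if not isinstance(claims.get("exp"), (int, float)) or now >= claims["exp"]:
        return False, "expired", None
    if claims.get("nonce") != expected_nonce:   # ties the token to this login attempt
        return False, "nonce mismatch", None
    if not claims.get("sub"):
        return False, "missing subject", None
    return True, "ok", claims


class TechnicianDirectory:
    """Hypothetical stand-in for the technician store and the OIDC login path."""

    def __init__(self, allow_group_logins: bool):
        self.allow_group_logins = allow_group_logins   # models "Allow group authenticated logins"
        self.technicians = {}

    def oidc_login(self, token: str, expected_nonce: str, now=None):
        ok, reason, claims = validate_id_token(token, IDP_KEY, expected_nonce, now)
        if not ok:
            return "rejected", reason            # nothing is created for an unverified assertion
        sub = claims["sub"]
        if sub in self.technicians:
            return "authenticated", sub
        if not self.allow_group_logins:
            return "rejected", "unknown technician and group logins disabled"
        # First login with group logins enabled: the account is auto-provisioned and has
        # no MFA enrolled yet, which is the state the bulletin's MFA caveat refers to.
        self.technicians[sub] = {"mfa_enrolled": False}
        return "provisioned", sub


def sample_claims(now: int, nonce: str, sub: str = "tech-1") -> dict:
    """Constructed claim set for a valid assertion from the hypothetical IdP."""
    return {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": sub,
            "iat": now, "exp": now + 300, "nonce": nonce}


if __name__ == "__main__":
    now, nonce = int(time.time()), "n-123"
    directory = TechnicianDirectory(allow_group_logins=True)
    print(directory.oidc_login(make_id_token(sample_claims(now, nonce), b"wrong-key"), nonce, now))
    print(directory.oidc_login(make_id_token(sample_claims(now, nonce), IDP_KEY), nonce, now))
```

The order of checks matters: signature and algorithm are verified before any claim is read, so issuer, audience, expiry and nonce are only ever evaluated on an assertion the IdP actually produced, and account creation sits behind all of them plus the auto-provisioning flag.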
Remediation
Install the update from the vendor's website.
References
- https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
- https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.23
- https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.119
- https://simple-help.com/security/simplehelp-security-update-2026-05