Improper authentication in SimpleHelp - CVE-2026-48558

Published: June 30, 2026


Vulnerability identifier: #VU135974
CSH Severity: Critical
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
CVE-ID: CVE-2026-48558
CWE-ID: CWE-287
Exploitation vector: Remote access
Exploit availability: The vulnerability is being exploited in the wild
Vendor: simple-help
Affected software:
SimpleHelp

Detailed vulnerability description

The vulnerability allows a remote attacker to bypass authentication and create a new technician account.

The vulnerability exists due to improper authentication in OIDC assertion validation when processing OIDC-based logins. A remote attacker can submit forged identity provider assertions to create a new technician user and authenticate as that user, bypassing authentication.

The issue affects deployments with at least one configured OIDC authentication provider, an associated TechnicianGroup, and the "Allow group authenticated logins" setting enabled. Even when MFA is enforced for technicians, a newly created account self-registers its MFA factor on first login, so that protection can be bypassed as well.
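As an added illustration, not SimpleHelp's code, the checks a relying party must pass before an OIDC assertion is allowed to authenticate or provision a technician, plus a provisioning gate corresponding to the "Allow group authenticated logins" behaviour. The advisory does not say which check SimpleHelp's validation missed, so the full set is shown; the issuer URL, client_id and shared secret are constructed, and HS256 signing stands in for the RS256/ES256 JWKS verification most deployments use.

```python
import base64, hashlib, hmac, json, time

# Constructed example. An HS256 (shared-secret) ID token stands in for the
# IdP assertion; real deployments usually verify RS256/ES256 signatures
# against the issuer's JWKS, but the relying-party checks are the same.
ISSUER = "https://idp.example.test"        # assumed issuer URL
AUDIENCE = "simplehelp-client"             # assumed client_id
SHARED_KEY = b"client-secret-constructed"  # assumed client secret

def _b64d(s): return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b): return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_token(claims, key):
    """Test helper playing the identity provider (or a forger with the wrong key)."""
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_id_token(token, key, now=None):
    """Checks a relying party must pass before an assertion proves identity."""
    now = time.time() if now is None else now
    head, body, sig = token.split(".")                 # ValueError if malformed
    if json.loads(_b64d(head)).get("alg") != "HS256":  # reject "none" / alg swaps
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(sig)):
        raise ValueError("signature does not verify")  # forged assertion stops here
    claims = json.loads(_b64d(body))
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if claims.get("iss") != ISSUER or AUDIENCE not in aud:
        raise ValueError("wrong issuer or audience")
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    return claims

def technician_login(token, accounts, allow_group_logins):
    """Map a verified assertion to a technician; provision only if policy allows."""
    claims = validate_id_token(token, SHARED_KEY)
    ident = (claims["iss"], claims["sub"])
    if ident not in accounts:
        if not allow_group_logins:
            raise PermissionError("unknown subject; self-provisioning disabled")
        accounts[ident] = {"mfa_enrolled": False}      # new account must still enrol MFA
    return ident, accounts[ident]
```

Only a token whose signature verifies under the configured key and whose issuer, audience and expiry check out reaches the provisioning step, and even then a new account is created only when the group-login setting permits it.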

Note: the vulnerability is being actively exploited in the wild.


How to mitigate CVE-2026-48558

Install the security update from the vendor's website.
