CVE-2026-48558: SimpleHelp Authentication Bypass Vulnerability
Summary
A critical authentication bypass vulnerability has been identified in SimpleHelp's OIDC authentication flow. It allows unauthenticated attackers to forge identity tokens and obtain technician sessions, potentially bypassing multi-factor authentication. CISA has directed federal agencies to apply the vendor mitigations by July 2, 2026.
IFF Assessment
This vulnerability allows unauthenticated attackers to bypass authentication and gain unauthorized access, posing a significant risk to organizations running SimpleHelp.
Severity
The vulnerability allows remote, unauthenticated attackers to bypass authentication by forging OIDC identity tokens, leading to full technician session acquisition and potential multi-factor authentication bypass, indicating a critical impact and high exploitability.
CISA KEV: Listed as actively exploited. Federal patch due: July 02, 2026. Known ransomware use: Unknown.
Defender Context
This vulnerability in SimpleHelp's OIDC authentication flow allows for unauthenticated remote code execution, posing a significant risk of unauthorized access and data compromise. Defenders should prioritize applying vendor-provided mitigations and ensure compliance with CISA's directives for risk-based patching to prevent exploitation.
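The advisory says the flaw lets an attacker forge OIDC identity tokens. What stops a forged token at a relying party is the verification the application performs before trusting any claim: pin the signing algorithm, check the signature, and only then check issuer, audience, expiry and nonce. The following is an added, generic illustration of that checklist; it is not SimpleHelp's code and says nothing about the specific defect. Real OIDC deployments normally use RS256 with keys fetched from the provider's JWKS endpoint; this example uses HS256 with a constructed shared key (`DEMO_KEY`, `EXPECTED_ISSUER`, `EXPECTED_AUDIENCE` are all constructed values) so it runs on the standard library alone. `make_token` exists only to build the test inputs, including deliberately bad ones.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo settings (not SimpleHelp or any real identity provider).
DEMO_KEY = b"constructed-demo-shared-secret"
EXPECTED_ISSUER = "https://idp.example.test"
EXPECTED_AUDIENCE = "remote-support-client"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Build a compact JWS. Used only to construct inputs for the demo,
    including a deliberately unsigned (alg=none) and a wrong-key token."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    if alg == "none":
        return f"{header}.{payload}."
    sig = hmac.new(key, f"{header}.{payload}".encode("ascii"), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_id_token(token: str, key: bytes, issuer: str, audience: str,
                    nonce=None, now=None):
    """Verify an ID token the way a relying party should.
    Returns (accepted, reason, claims); claims is None on rejection."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return False, "malformed", None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return False, "undecodable", None
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return False, "undecodable", None
    # 1. Pin the algorithm. The token's own header must never choose how it
    #    is verified; "none" and unexpected algorithms are rejected outright.
    if header.get("alg") != "HS256":
        return False, "alg not allowed", None
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        return False, "bad signature", None
    # 2. Only after the signature holds do the claims mean anything.
    if claims.get("iss") != issuer:
        return False, "issuer mismatch", None
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        return False, "audience mismatch", None
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return False, "expired", None
    if nonce is not None and claims.get("nonce") != nonce:
        return False, "nonce mismatch", None
    if not claims.get("sub"):
        return False, "no subject", None
    return True, "ok", claims


def demo(now: int = 1_700_000_000) -> dict:
    """Run the verifier over one valid and several forged tokens and
    return the rejection reason for each case."""
    good = {"iss": EXPECTED_ISSUER, "aud": EXPECTED_AUDIENCE, "sub": "tech-42",
            "exp": now + 300, "nonce": "n-1"}
    cases = {
        "valid": make_token(good, DEMO_KEY),
        "alg_none": make_token(good, DEMO_KEY, alg="none"),
        "wrong_key": make_token(good, b"some-other-key"),
        "wrong_issuer": make_token({**good, "iss": "https://other.example.test"}, DEMO_KEY),
        "expired": make_token({**good, "exp": now - 1}, DEMO_KEY),
    }
    return {name: verify_id_token(tok, DEMO_KEY, EXPECTED_ISSUER, EXPECTED_AUDIENCE,
                                  nonce="n-1", now=now)[1]
            for name, tok in cases.items()}


if __name__ == "__main__":
    for name, reason in demo().items():
        print(f"{name:13s} -> {reason}")
```

The ordering matters: the algorithm is fixed by the relying party's configuration rather than read from the token, the signature is checked before any claim is inspected, and every claim comparison happens against values the application already expects. A verifier that skips or reorders any of these steps is exactly what a forged identity token exploits.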