HIGH Vulnerability
Verified
Global

CISA KEV: SimpleHelp SimpleHelp — SimpleHelp Authentication Bypass Vulnerability

Source: CISA KEV


Executive Summary

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

Analysis

Added to CISA Known Exploited Vulnerabilities catalog on 2026-06-29. Remediation due: 2026-07-02.

Indicators of Compromise (1)

CVE (1)
CVE-2026-48558

Source Attribution

Originally published by CISA KEV on Jun 29, 2026. Verified by: CISA.
