Home / Vulnerabilities / CVE-2026-48558
CRITICAL SEVERITY
CVE-2026-48558SimpleHelp · SimpleHelp

SimpleHelp Authentication Bypass Vulnerability

Technical Severity

CVSS v3.1 Metrics

CRITICAL
10 / 10
Minimal Risk Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitation Likelihood

EPSS Prediction

1.16 %
Predictive Probability
Percentile Rank
63.3 th

Documented as more likely to be exploited than 63.3% of known CVEs.

Detection Date

Jun 29, 2026

Remediation Due

Jul 02, 2026

CISA Catalog Active

Threat Analysis

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

Remediation Directive

Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.

External Intelligence