cvedb.io
CVE-2026-48558
HIGH · CVSS n/a ⚠ KEV — EXPLOITED
EPSS exploitation probability: 0%
⚠ Listed in the CISA Known Exploited Vulnerabilities catalog — actively exploited.
Published 2026-06-29 · Last modified 2026-06-29

Summary

SimpleHelp contains an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication.

Affected products

SimpleHelp — SimpleHelp

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.