{"id":284180,"date":"2026-06-30T15:51:00","date_gmt":"2026-06-30T19:51:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog\/"},"modified":"2026-06-30T16:20:10","modified_gmt":"2026-06-30T20:20:10","slug":"u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/30\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog\/","title":{"rendered":"U.S. CISA adds SimpleHelp\u00a0flaw to its Known Exploited Vulnerabilities catalog"},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/194503\/security\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog.html\">U.S. CISA adds SimpleHelp\u00a0flaw to its Known Exploited Vulnerabilities catalog<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194503\/security\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog.html\">https:\/\/securityaffairs.com\/194503\/security\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-30 15:51:00<\/a><\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>U.S. CISA adds SimpleHelp\u00a0flaw to its Known Exploited Vulnerabilities catalog<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> June 30, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg?fit=700%2C368&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) adds a SimpleHelp\u00a0flaw to its Known Exploited Vulnerabilities catalog.<\/h2>\n<p class=\"wp-block-paragraph\">The U.S. Cybersecurity and Infrastructure Security Agency (CISA)\u00a0added a SimpleHelp\u00a0flaw, tracked as CVE-2026-48558 (CVSS v3.1 score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog.<\/p>\n<p class=\"wp-block-paragraph\">CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp versions 5.5.15 and earlier and 6.0 pre-release versions. When OIDC authentication is enabled, the software fails to verify the cryptographic signature of identity tokens, allowing a remote, unauthenticated attacker to forge a token and gain a fully authenticated technician session. In some configurations, the flaw can also bypass multi-factor authentication (MFA), with no user interaction required.<\/p>\n<p class=\"wp-block-paragraph\">Researcher Zach Hanley (@hacks_zach) of Horizon3.ai discovered the vulnerability with the help of generative AI.<\/p>\n<p class=\"wp-block-paragraph\">SimpleHelp is a remote support and remote access platform that organizations use to provide technical assistance, manage endpoints, and access computers over the internet. It is commonly deployed by IT departments, managed service providers (MSPs), and help desks to troubleshoot devices, transfer files, run remote commands, and perform system administration without being physically present.<\/p>\n<p class=\"wp-block-paragraph\">Because SimpleHelp servers often provide privileged access to many customer systems, vulnerabilities in the platform can be particularly dangerous. 
If attackers compromise a SimpleHelp server, they may gain the same level of access as legitimate technicians, potentially allowing them to move laterally across networks, deploy malware, or steal sensitive data.<\/p>\n<p class=\"wp-block-paragraph\">\u201cThe vulnerability identified affects servers configured to use either version of OIDC and is rooted in the way&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/194503\/security\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>U.S. CISA adds SimpleHelp\u00a0flaw to its Known Exploited Vulnerabilities catalog https:\/\/securityaffairs.com\/194503\/security\/u-s-cisa-adds-simplehelp-flaw-to-its-known-exploited-vulnerabilities-catalog.html Publish Date: 2026-06-30 15:51:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":284181,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2020\/07\/CISA.jpeg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,24,32,27],"class_list":["post-284180","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-cybersecurity","tag-malware","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284180"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=284180"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284180\/revisions
"}],"predecessor-version":[{"id":284182,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/284180\/revisions\/284182"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/284181"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=284180"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=284180"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=284180"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}