critical

SimpleHelp OIDC Authentication Bypass (CVE-2026-48558)

critical-cve-against-infra · active

SimpleHelp remote support software versions 5.5.15 and prior (and 6.0 pre-release versions) contain an authentication bypass: the OIDC login flow does not verify identity token signatures. A remote, unauthenticated attacker can forge a token to gain a fully authenticated technician session, and in some cases bypass MFA, with no user interaction required.

Affected packages

Sources