GHSA-m93h-gjv2-fmq2 · Severity: critical — SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication...
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
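The defect described above (CWE-347: ID-token claims read and trusted without a signature check) shown beside its hardened form, as an added Python example that is not SimpleHelp's code. It assumes a constructed HS256 key, issuer and audience; a real OIDC deployment would normally verify RS256 signatures against the provider's published JWKS, but the order of checks is the same.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo values (not from the advisory): a shared HS256 key standing in
# for the identity provider's signing key, plus the issuer/audience we expect.
IDP_KEY = b"constructed-demo-signing-key"
EXPECTED_ISS = "https://idp.example.test"
EXPECTED_AUD = "demo-technician-client"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_token(claims: dict, key: bytes = IDP_KEY) -> str:
    """What the IdP does: HS256 over header.payload (demo simplification)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def vulnerable_identity(token: str) -> str:
    """CWE-347 pattern: the payload is decoded and its 'sub' is trusted as-is,
    so any token body with a syntactically valid structure is accepted."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload))["sub"]

def verified_identity(token: str, key: bytes = IDP_KEY, now=None) -> Optional[str]:
    """Hardened flow: pin the algorithm, verify the signature in constant time,
    then check issuer, audience and expiry before any claim is used."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        if header.get("alg") != "HS256":          # refuse 'none' and alg swaps
            return None
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(key, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None                            # wrong key or tampered body
        claims = json.loads(_b64url_decode(payload_b64))
        now = time.time() if now is None else now
        if claims.get("iss") != EXPECTED_ISS or claims.get("aud") != EXPECTED_AUD:
            return None
        if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
            return None
        return claims["sub"]
    except (ValueError, KeyError, TypeError):
        return None
```

A token minted under a key the provider never issued carries arbitrary claims straight through `vulnerable_identity`, while `verified_identity` rejects it before reading `sub`.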
Conclusion & alert: CVE-2026-48558 is rated Critical Active Threat (86.2/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 1.22%). Core evidence: CISA KEV confirms active exploitation (added 2026-06-29) affecting SimpleHelp / SimpleHelp; the weakness is CWE-347 (Improper Verification of Cryptographic Signature), and unauthenticated remote administrative access may be possible. Mandatory action: Federal remediation is required by 2026-07-02 (CISA ED 26-03); assess exposure and apply mitigations immediately.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
CISA KEV name: SimpleHelp Authentication Bypass Vulnerability (CISA KEV detail)
Date added: 2026-06-29
Due date: 2026-07-02
Required action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
EPSS note: EPSS is a daily estimate of the relative likelihood that a vulnerability will be exploited; the percentile ranks this CVE among all scored vulnerabilities (higher means a more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-30 | 0.72% | 1.22% | +0.50% |
| 2 | 2026-06-23 | 0.63% | 0.72% | +0.09% |
| 3 | 2026-06-15 | — | 0.63% | — |
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 9.5 | 4.0 | CRITICAL | | — | — | [email protected] |
| 10.0 | 3.1 | CRITICAL | | 3.9 | 6.0 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| simple-help | simplehelp | < 5.5.16 | cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:* |
| simple-help | simplehelp | 6.0 | cpe:2.3:a:simple-help:simplehelp:6.0:pre-release:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/ | Third Party Advisory |
| https://simple-help.com/release-news | Release Notes |
| https://simple-help.com/security/simplehelp-security-update-2026-05 | Patch Vendor Advisory |
| https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/ | Technical Description Third Party Advisory |
| https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48558 | US Government Resource |