SimpleHelp Releases Advisory for Authentication Bypass Vulnerability in SimpleHelp RMM
Summary
Successful exploitation of CVE-2026-48558 could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative “Technician” access to managed endpoints.
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2026-48558
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-48558 to its Known Exploited Vulnerabilities (KEV) Catalog.
The NHS England National CSOC assesses further exploitation as highly likely.
Introduction
SimpleHelp has released security updates to address a critical vulnerability in its Remote Monitoring and Management platform. Successful exploitation could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative “Technician” access to managed endpoints.
- CVE-2026-48558 - "Improper Verification of Cryptographic Signature" vulnerability - CVSSv4 score: 9.5
Note: Exploitation only affects environments using OpenID Connect (OIDC) authentication within affected versions.
Remediation advice
Affected organisations are encouraged to review the security advisory "SimpleHelp 5.5 and 6.0 Security Fix" and apply the relevant update as soon as possible.
Definitive source of threat updates
Last edited: 30 June 2026 2:46 pm