Skip to main content

SimpleHelp Releases Advisory for Authentication Bypass Vulnerability in SimpleHelp RMM

Successful exploitation of CVE-2026-48558 could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative “Technician” access to managed endpoints

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

Successful exploitation of CVE-2026-48558 could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative “Technician” access to managed endpoints


Threat details

Exploitation of CVE-2026-48558

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-48558 to its Known Exploited Vulnerabilities (KEV) Catalog.

The NHS England National CSOC assesses further exploitation as highly likely.


Introduction

SimpleHelp has released security updates to address a critical vulnerability in its Remote Monitoring and Management platform. Successful exploitation could allow a remote, unauthenticated attacker to bypass authentication and gain full administrative “Technician” access to managed endpoints.

  • CVE-2026-48558 - "Improper Verification of Cryptographic Signature" vulnerability - CVSSv4 score: 9.5

Note: Exploitation only affects environments using OpenID Connect (OIDC) authentication within affected version.


Remediation advice

Affected organisations are encouraged to review security advisory SimpleHelp 5.5 and 6.0 Security Fix and apply the relevant update as soon as possible.



Last edited: 30 June 2026 2:46 pm