SimpleHelp Authentication Bypass Exploited to Hijack Remote Endpoints

Researchers report a maximum-severity authentication bypass in SimpleHelp, tracked as CVE-2026-48558 (CVSS 10), that enables unauthenticated attackers to forge identity tokens and obtain administrative control. The flaw is tied to the app’s OIDC single sign-on handling, where submitted tokens can be accepted without proper cryptographic signature verification, also undermining MFA protections. This matters because compromised instances can execute scripts and pivot into managed endpoints, so organizations should review internet-exposed remote support systems and patch or harden OIDC configurations promptly.