SecurityWeek ·EN-US News source
Critical SimpleHelp Vulnerability Exploited for Malware Delivery
CVE Tools coverage
A critical authentication bypass in SimpleHelp remote monitoring and management (RMM) software has been used to deliver malware, tracked as CVE-2026-48558 (CVSS 10). The flaw impacts SimpleHelp’s OpenID Connect (OIDC) login flow by letting attackers supply forged identity tokens to obtain fully authenticated technician sessions, enabling remote file transfer and command execution over systems managed by the server. Observed intrusions deployed TaskWeaver and Djinn Stealer, while SimpleHelp addressed the issue in versions 5.5.16 and 6.0 RC2; CISA also added CVE-2026-48558 to its KEV catalog to prompt rapid patching.