What is SimpleHelp?
SimpleHelp is a Remote Monitoring and Management (RMM) platform used by managed service providers (MSPs) and IT teams to remotely access, monitor, and manage endpoints. Because a single SimpleHelp server acts as a gateway to potentially thousands of managed endpoints, it is a force-multiplier target: a single compromise grants an attacker lateral movement capability across every machine the MSP administers.
SimpleHelp came to prominence as an attack vector in 2025, when three separate CVEs (CVE-2024-57727, CVE-2024-57728, CVE-2024-57729) were chained by Akira ransomware operators.
Overview
CVE-2026-48558 is a critical (CVSS 10.0) authentication bypass in SimpleHelp's OpenID Connect (OIDC) authentication flow. When OIDC authentication is configured, the server accepts identity tokens during login without verifying their cryptographic signatures. An unauthenticated remote attacker can submit a forged JWT token containing arbitrary identity claims to obtain a fully authenticated Technician session. In some configurations this also bypasses multi-factor authentication.
Horizon3.ai discovered the vulnerability in May 2026; patches were released June 9. By the time of public disclosure on June 12, approximately 14,000 internet-exposed SimpleHelp servers were identified, with roughly 1,000 (~7%) configured with the vulnerable OIDC method. Active exploitation was confirmed by Blackpoint Cyber on June 29, 2026 — the same day CISA added the vulnerability to the KEV catalog.
Affected Versions
| Channel | Vulnerable | Fixed |
|---|---|---|
| SimpleHelp 5.x | 5.5.15 and earlier | 5.5.16 |
| SimpleHelp 6.0 | Pre-release builds | 6.0 RC2 / final |
Three conditions must all be met for a server to be vulnerable via this path:
- OIDC authentication is enabled
- A TechnicianGroup is associated with the OIDC provider
- "Allow group authenticated logins" is enabled
Technical Details
The root cause is CWE-347 — Improper Verification of Cryptographic Signature. During OIDC login, SimpleHelp accepts the identity token's claims but never validates the token's cryptographic signature. An attacker fabricates a JWT with arbitrary identity claims (any email address, group memberships) and submits it directly to the login endpoint. Because the signature check is absent, SimpleHelp treats the forged token as valid and issues a full Technician session.
MFA bypass: When multi-factor authentication is configured, this vulnerability still allows bypass. A newly self-registered Technician account sets up MFA during its first login session — the forged token creates the account before MFA enrollment has occurred, meaning the attacker's initial session proceeds without MFA challenge.
Key attack characteristics:
- No authentication required: Full unauthenticated exploitation
- Scope Changed: Compromise of the SimpleHelp Technician session enables access to all endpoints under management
- No user interaction: The vulnerability triggers entirely through the login endpoint
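To make the CWE-347 failure concrete, here is an added example (not SimpleHelp's code) contrasting an identity lookup that reads claims without examining the signature with one that verifies signature, algorithm, issuer, audience and expiry before trusting anything. It uses HS256 with a constructed secret so it runs on the standard library alone; a real OIDC relying party verifies RS256 signatures against the provider's JWKS, and the issuer, audience and secret values are placeholders.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed values: a provider signing secret plus the issuer/audience the relying
# party expects. Real OIDC ID tokens are RS256-signed and checked against the IdP's
# JWKS; HS256 is used here only so the check runs on the standard library alone.
IDP_SECRET = b"constructed-idp-signing-secret"
EXPECTED_ISS = "https://idp.example.invalid"
EXPECTED_AUD = "simplehelp-client-id-placeholder"


def _b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def issue_token(claims: dict, secret: bytes) -> str:
    """What the IdP does: sign header.payload with its key."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url_encode(sig)}"


def identity_unverified(token: str) -> str:
    """The CWE-347 pattern: the email claim is read straight out of the payload and
    the signature segment is never examined, so whatever the sender wrote wins."""
    return json.loads(_b64url_decode(token.split(".")[1]))["email"]


def identity_verified(token: str, secret: bytes, now: float) -> Optional[str]:
    """Hardened path: signature, algorithm, issuer, audience and expiry are all
    checked before any claim is trusted; None means 'refuse the login'."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, body, sig = parts
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return None  # the token never gets to choose its own algorithm ("none", etc.)
    expected = hmac.new(secret, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        return None
    claims = json.loads(_b64url_decode(body))
    if claims.get("iss") != EXPECTED_ISS or claims.get("aud") != EXPECTED_AUD:
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("email")
```

A token signed with any key other than the provider's is accepted by the first function and refused by the second; the MFA ordering problem described above is a separate issue, since a token this path rejects never creates an account at all.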
Discovery
Discovered by researchers at Horizon3.ai. Private disclosure was made to SimpleHelp on May 22, 2026. SimpleHelp released patches on June 9, 2026 — 18 days after disclosure. Horizon3.ai published their full technical disclosure with IOCs on June 12, 2026.
Exploitation Context
Active exploitation was documented by Blackpoint Cyber, who observed attackers using a forged OIDC token to obtain a Technician session on an internet-facing SimpleHelp server. Post-compromise, attackers deployed two previously unknown malware families:
TaskWeaver — a Node.js-based loader disguised as jquery.js, fetched from a temporary Cloudflare URL and executed via node.exe. It reconstructs Node.js require() at runtime to evade static analysis and uses AES-256-GCM plus RSA-2048 for C2 communications.
Djinn Stealer — a cross-platform information stealer (Windows/macOS/Linux) delivered as an encrypted JavaScript payload (~298 KB). Targets cloud platform credentials (AWS, Azure, GCP, Oracle Cloud, Okta, Cloudflare), developer tools (GitHub, SSH keys, Docker), AI assistant configs (Claude MCP, Gemini, Codex), package registry tokens, cryptocurrency wallets, and browser-stored credentials. Exfiltration uses PAX tar compressed with gzip and encrypted with AES-256-GCM.
No specific threat actor has been publicly attributed. At public disclosure, Horizon3.ai identified approximately 14,000 internet-exposed SimpleHelp servers, with roughly 1,000 in the vulnerable OIDC configuration.
Remediation
- Upgrade immediately: Update to SimpleHelp 5.5.16 or 6.0 RC2 / final as appropriate for your version
- Assess your OIDC configuration: If OIDC is not enabled — or if "Allow group authenticated logins" is off — your server is not vulnerable via this specific path; upgrade is still recommended
- Audit Technician accounts: Review all Technician accounts for unexpected new entries created after June 9, 2026; investigate and remove any unknown accounts immediately
- Search for TaskWeaver and Djinn indicators: Look for jquery.js files in unexpected locations, anomalous node.exe execution initiated by SimpleHelp processes, and outbound connections to Cloudflare worker URLs
- Review identity provider logs: Check your OIDC provider (Azure AD, Okta, etc.) for login attempts that don't correlate with legitimate user activity in the June 9–29 window
- Limit server exposure: If your SimpleHelp server does not need to be internet-facing, place it behind a VPN or restrict access by IP allowlist to reduce the attack surface
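An added hunting example (not from any of the vendors cited here) that applies the indicators above to constructed Sysmon-style process-creation events; the SimpleHelp parent-process path, the jquery.js directory allowlist and the workers.dev pattern for Cloudflare Workers URLs are assumptions made for the demo.

```python
import re
from typing import Dict, List

# Constructed process-creation events (Sysmon-like fields). The SimpleHelp parent
# path below is an ASSUMED placeholder, not the product's real binary name.
SAMPLE_EVENTS = [
    {"parent": r"C:\Program Files\SimpleHelp\simplehelp-placeholder.exe",
     "image": r"C:\Users\Public\node.exe",
     "cmdline": r"node.exe C:\Users\Public\jquery.js",
     "dest": "https://loader-abc123.workers.dev/jquery.js"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\nodejs\node.exe",
     "cmdline": r"node.exe C:\dev\app\server.js", "dest": None},
    {"parent": r"C:\Program Files\SimpleHelp\simplehelp-placeholder.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig", "dest": None},
]

# Directories where a jquery.js is unremarkable (assumed allowlist for the demo).
EXPECTED_JQUERY_DIRS = ("\\inetpub\\", "\\node_modules\\", "\\wwwroot\\")
WORKERS_URL = re.compile(r"https?://[a-z0-9-]+\.workers\.dev/", re.IGNORECASE)


def triage_event(ev: Dict) -> List[str]:
    """Return the advisory indicators that this single event matches."""
    hits = []
    parent, image, cmd = ev["parent"].lower(), ev["image"].lower(), ev["cmdline"].lower()
    if image.endswith("\\node.exe") and "simplehelp" in parent:
        hits.append("node.exe spawned by a SimpleHelp process")
    if "jquery.js" in cmd and not any(d in cmd for d in EXPECTED_JQUERY_DIRS):
        hits.append("jquery.js referenced outside expected web/library paths")
    if ev.get("dest") and WORKERS_URL.search(ev["dest"]):
        hits.append("outbound connection to a Cloudflare Workers URL")
    return hits


def hunt(events: List[Dict]) -> List[Dict]:
    """Events with at least one hit, most indicators first, for analyst review."""
    findings = [{"event": ev, "hits": triage_event(ev)} for ev in events]
    findings = [f for f in findings if f["hits"]]
    return sorted(findings, key=lambda f: -len(f["hits"]))
```

Only the first constructed event trips all three indicators; a developer's node.exe under explorer.exe and a plain cmd.exe child of the SimpleHelp process are left for the account audit and identity-provider log review rather than flagged here.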
Key Details
| Property | Value |
|---|---|
| CVE ID | CVE-2026-48558 |
| Vendor / Product | SimpleHelp — SimpleHelp |
| NVD Published | 2026-06-12 |
| NVD Last Modified | 2026-06-30 |
| CVSS 3.1 Score | 10 |
| CVSS 3.1 Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Severity | CRITICAL |
| CWE | CWE-347 |
| CISA KEV Added | 2026-06-29 |
| CISA KEV Deadline | 2026-07-02 |
| Known Ransomware Use | No |
Timeline
| Date | Event |
|---|---|
| 2026-05-21 | Horizon3.ai discovers and validates CVE-2026-48558 |
| 2026-05-22 | Private disclosure to SimpleHelp |
| 2026-06-09 | SimpleHelp patches released (5.5.16 / 6.0 RC2) |
| 2026-06-12 | CVE published; Horizon3.ai public disclosure — approximately 14,000 exposed servers counted |
| 2026-06-29 | Active exploitation confirmed (Blackpoint Cyber); added to CISA Known Exploited Vulnerabilities catalog |
| 2026-07-02 | CISA BOD 22-01 remediation deadline |
References
| Resource | Type |
|---|---|
| SimpleHelp Security Update 2026-05 | Vendor Advisory |
| NVD — CVE-2026-48558 | Vulnerability Database |
| CISA KEV Catalog Entry | US Government |
| Horizon3.ai — CVE-2026-48558 SimpleHelp Authentication Bypass IOCs | Security Research |
| Blackpoint Cyber — A Djinn in the Machine: TaskWeaver's Node.js Intrusion Chain | Security Research |
| Arctic Wolf — CVE-2026-48558 Exploited for Credential Theft and Malware Delivery | Security Research |
| BleepingComputer — Hackers Exploit Critical SimpleHelp Flaw, Deploy Djinn Infostealer | Security News |
| The Hacker News — Attackers Exploit SimpleHelp CVE-2026-48558 | Security News |