SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
CVE-2026-48558

9.5CRITICAL

Key Information:

Vendor

Simplehelp
Status
Simplehelp
Vendor
CVE Published:
12 June 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-48558?

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

Affected Version(s)

SimpleHelp 5.5.0

SimpleHelp 5.5.0 < 5.5.16

SimpleHelp 6.0 < 6.0 RC2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-48558 - Proof of Concept

References

https://horizon3.ai/attack-research/disclosures/cve-2026-...
technical-descriptionexploit
https://simple-help.com/security/simplehelp-security-upda...
vendor-advisory
https://simple-help.com/release-news
release-notes

CVSS V4

Score:
9.5
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Zach Hanley (@hacks_zach) of Horizon3.ai
.