SimpleHelp bug lets hackers create rogue remote support accounts
A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol.
SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)
A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts, and more. [Figure: Maliciously “forged” Technician account (Source: Horizon3.ai)] The vulnerability CVE-2026-48558 is an authentication bypass flaw affecting SimpleHelp deployments configured t…
The security flaw in SimpleHelp identified as CVE-2026-48558 triggered an important alert for system administrators, remote support teams and information security professionals. The vulnerability allows unauthenticated attackers to create technician accounts within the platform and gain privileged access to corporate environments, including bypassing multi-factor authentication (MFA) mechanisms in certain settings. Remote support tools usually oc…
Nearly 14,000 SimpleHelp Servers Exposed Amid Critical Authentication Bypass Disclosure
Nearly 14,000 internet-facing SimpleHelp servers are exposed following the disclosure of a critical authentication bypass vulnerability tracked as CVE-2026-48558. The flaw raises serious concerns for enterprises using the remote monitoring and management (RMM) platform. Horizon3.ai identified the vulnerability through its autonomous research initiative “Sua Sponte,” which leverages AI-driven analysis to uncover exploitable flaws. The issue affec…
CVE-2026-48558: SimpleHelp OIDC Auth Bypass
SimpleHelp has released patches for CVE-2026-48558, an authentication bypass vulnerability affecting deployments configured to use OpenID Connect (OIDC) authentication. The issue stems from how SimpleHelp validates identity provider assertions, allowing an unauthenticated attacker to create and authenticate as a new Technician account under certain configurations. Because Technician accounts can…


