🔴 Critical | Source: CISA Known Exploited Vulnerabilities
A critical authentication bypass vulnerability in SimpleHelp’s OIDC login flow allows attackers to forge identity tokens and gain full technician-level access without valid credentials. Because cryptographic signatures on identity tokens are never verified, any unauthenticated remote attacker can craft a token with arbitrary claims. In some deployments this also bypasses multi-factor authentication entirely, significantly widening the blast radius.
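To make the failure concrete, an added example (not SimpleHelp's code, whose implementation is not shown here) contrasts the vulnerable pattern with a correct relying-party check: `weak_decode` trusts whatever claims an ID token carries, while `verify_token` requires a valid signature under an allow-listed algorithm and then checks issuer, audience and expiry. The secret, issuer and client id are constructed for the example, and HS256 is used so it runs offline; a real OIDC relying party verifies RS256/ES256 signatures against the provider's published JWKS keys.

```python
import base64, hashlib, hmac, json, time

# Constructed secret and identifiers for this example only. A real OIDC relying
# party verifies RS256/ES256 signatures with the provider's published JWKS keys.
SECRET = b"constructed-example-secret"
ISSUER = "https://idp.example.test"
AUDIENCE = "simplehelp-example-client"
ALLOWED_ALGS = {"HS256"}

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def mint_token(claims, secret=SECRET):
    """Stand-in for the identity provider: emits a correctly signed HS256 token."""
    header = b64url_encode(json.dumps({"alg": "HS256"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url_encode(sig)}"

def weak_decode(token):
    """Vulnerable pattern: reads claims without ever checking the signature."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_token(token, secret=SECRET, now=None):
    """Hardened relying-party check: algorithm allow-list, constant-time
    signature comparison, then issuer, audience and expiry. Raises ValueError."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("disallowed alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    if claims.get("aud") != AUDIENCE:
        raise ValueError("wrong audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims
```

A token signed with any key other than the provider's passes `weak_decode` with whatever `sub` it claims and is rejected by `verify_token` before its claims are even read.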
Security Architect’s Take: Patch SimpleHelp immediately and prioritise instances exposed to the internet or integrated with your identity provider via OIDC. As an interim control, restrict access to the SimpleHelp management interface to trusted IP ranges via firewall or VPN, and audit recent technician session logs for anomalous or unexpected logins.
Original advisory: CVE-2026-48558: SimpleHelp SimpleHelp