SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
CVE-2026-48558
Score elevated to 10.0 because this CVE is listed on the CISA Known Exploited Vulnerabilities catalog (added 2026-06-29), indicating real-world exploitation has been confirmed by US federal agencies. a secondary CVSS source baseline 10.0 retained for reference (NVD's own analysis pending). Confidence: HIGH.
- Actively exploited in the wild (CISA-KEV)
No vendor fix yet — apply a workaround or compensating control (WAF / firewall / segmentation) and watch for a patch.
- CVSS v3
- 10.0
- EG Score
- 10.0(high)
- EPSS
- 63.3%
- KEV
- ⚠ Exploited
Published
June 12, 2026
Last Modified
June 30, 2026
Advisory Details (5)
Auto-updated Jun 30, 2026Known Exploited Vulnerabilities Catalog | CISA
Known Exploited Vulnerabilities Catalog | CISA. Listed in CISA Known Exploited Vulnerabilities catalog.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48558A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain - Blackpoint Cyber
https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/SimpleHelp Security Update (2026-05)
https://simple-help.com/security/simplehelp-security-update-2026-05CVE-2026-48558: SimpleHelp Auth Bypass IOCs | Horizon3.ai
https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/Vendor Advisories for CVE-2026-48558(1)
These vendors published their own advisory mentioning this CVE — often with vendor-specific remediation steps + affected product lists not in NVD.
Weakness Classification(1)
MITRE Common Weakness Enumeration — the root-cause categories this CVE belongs to.
Data Freshness Timeline
(refreshed 85× in last 7d / 303× in last 30d)
Each row is a source pipeline that fetched or updated this CVE on that date, with what changed. For example, "NVD update" means NVD published or revised its analysis for this CVE; "MITRE cvelistV5" means we ingested or refreshed it from the CNA feed. Most recent first.
Showing the most recent 100 of 303 total refreshes for this CVE.
- 2026-07-07 06:04 UTCEG score recompute
- 2026-07-07 06:04 UTCGHSA enrichment
- 2026-07-07 01:48 UTCEG score recompute
- 2026-07-07 01:47 UTCGHSA enrichment
- 2026-07-06 21:31 UTCEG score recompute
- 2026-07-06 21:31 UTCGHSA enrichment
- 2026-07-06 17:16 UTCEG score recompute
- 2026-07-06 17:15 UTCGHSA enrichment
- 2026-07-06 16:27 UTCEPSS rescore
- 2026-07-06 12:58 UTCEG score recompute
- 2026-07-06 12:58 UTCGHSA enrichment
- 2026-07-06 08:41 UTCEG score recompute
- 2026-07-06 08:41 UTCGHSA enrichment
- 2026-07-06 04:25 UTCEG score recompute
- 2026-07-06 04:25 UTCGHSA enrichment
- 2026-07-06 02:23 UTCEPSS rescore
- 2026-07-06 00:07 UTCEG score recompute
- 2026-07-06 00:07 UTCGHSA enrichment
- 2026-07-05 19:51 UTCEG score recompute
- 2026-07-05 19:51 UTCGHSA enrichment
- 2026-07-05 15:35 UTCEG score recompute
- 2026-07-05 15:34 UTCGHSA enrichment
- 2026-07-05 11:18 UTCEG score recompute
- 2026-07-05 11:18 UTCGHSA enrichment
- 2026-07-05 07:02 UTCEG score recompute
Show 75 moreShow fewer
- 2026-07-05 07:02 UTCGHSA enrichment
- 2026-07-05 02:46 UTCEG score recompute
- 2026-07-05 02:46 UTCGHSA enrichment
- 2026-07-05 02:30 UTCEPSS rescore
- 2026-07-04 22:30 UTCEG score recompute
- 2026-07-04 22:30 UTCGHSA enrichment
- 2026-07-04 18:14 UTCEG score recompute
- 2026-07-04 18:14 UTCGHSA enrichment
- 2026-07-04 13:57 UTCEG score recompute
- 2026-07-04 13:57 UTCGHSA enrichment
- 2026-07-04 09:41 UTCEG score recompute
- 2026-07-04 09:41 UTCGHSA enrichment
- 2026-07-04 06:31 UTCEPSS rescore
- 2026-07-04 05:25 UTCEG score recompute
- 2026-07-04 05:25 UTCGHSA enrichment
- 2026-07-04 01:08 UTCEG score recompute
- 2026-07-04 01:08 UTCGHSA enrichment
- 2026-07-03 20:52 UTCEG score recompute
- 2026-07-03 20:52 UTCGHSA enrichment
- 2026-07-03 16:36 UTCEG score recompute
- 2026-07-03 16:36 UTCGHSA enrichment
- 2026-07-03 12:20 UTCEG score recompute
- 2026-07-03 12:20 UTCGHSA enrichment
- 2026-07-03 08:03 UTCEG score recompute
- 2026-07-03 08:03 UTCGHSA enrichment
- 2026-07-03 03:47 UTCEG score recompute
- 2026-07-03 03:47 UTCGHSA enrichment
- 2026-07-02 23:31 UTCEG score recompute
- 2026-07-02 23:31 UTCGHSA enrichment
- 2026-07-02 19:15 UTCEG score recompute
- 2026-07-02 19:15 UTCGHSA enrichment
- 2026-07-02 14:59 UTCEG score recompute
- 2026-07-02 14:59 UTCGHSA enrichment
- 2026-07-02 10:44 UTCEG score recompute
- 2026-07-02 10:43 UTCGHSA enrichment
- 2026-07-02 06:28 UTCEG score recompute
- 2026-07-02 06:27 UTCGHSA enrichment
- 2026-07-02 02:10 UTCEG score recompute
- 2026-07-02 02:10 UTCGHSA enrichment
- 2026-07-01 21:55 UTCEG score recompute
- 2026-07-01 21:55 UTCGHSA enrichment
- 2026-07-01 19:16 UTCCISA KEV update
- 2026-07-01 17:39 UTCEG score recompute
- 2026-07-01 17:39 UTCGHSA enrichment
- 2026-07-01 15:07 UTCEPSS rescore
- 2026-07-01 13:23 UTCEG score recompute
- 2026-07-01 13:23 UTCGHSA enrichment
- 2026-07-01 09:07 UTCEG score recompute
- 2026-07-01 09:07 UTCGHSA enrichment
- 2026-07-01 04:52 UTCEG score recompute
- 2026-07-01 04:52 UTCGHSA enrichment
- 2026-07-01 00:36 UTCEG score recompute
- 2026-07-01 00:36 UTCGHSA enrichment
- 2026-06-30 23:22 UTCEPSS rescore
- 2026-06-30 20:20 UTCEG score recompute
- 2026-06-30 20:20 UTCGHSA enrichment
- 2026-06-30 16:04 UTCEG score recompute
- 2026-06-30 16:04 UTCGHSA enrichment
- 2026-06-30 11:48 UTCEG score recompute
- 2026-06-30 11:48 UTCGHSA enrichment
- 2026-06-30 07:31 UTCEG score recompute
- 2026-06-30 07:31 UTCGHSA enrichment
- 2026-06-30 03:15 UTCEG score recompute
- 2026-06-30 03:15 UTCGHSA enrichment
- 2026-06-29 22:59 UTCEG score recompute
- 2026-06-29 22:59 UTCGHSA enrichment
- 2026-06-29 19:12 UTCCISA KEV update
- 2026-06-29 18:43 UTCEG score recompute
- 2026-06-29 18:43 UTCGHSA enrichment
- 2026-06-29 13:25 UTCEG score recompute
- 2026-06-29 13:25 UTCGHSA enrichment
- 2026-06-29 09:10 UTCEG score recompute
- 2026-06-29 09:10 UTCGHSA enrichment
- 2026-06-29 04:54 UTCEG score recompute
- 2026-06-29 04:53 UTCGHSA enrichment
Publicly available exploits
(1 reference)Working exploit code is in the public domain (1 GitHub PoC). Defenders should treat patch urgency accordingly — public PoCs typically lead to mass-exploitation within 24-72 hours.
- GitHub PoCJ4ck3LSyN-Gen2/CVE-2026-48558First seen Jul 2, 2026
SimpleHelp OIDC Authentication Bypass PoC
Open source ↗
Frequently asked(6)
What is CVE-2026-48558?
When was CVE-2026-48558 disclosed?
Is CVE-2026-48558 actively exploited?
What is the CVSS score of CVE-2026-48558?
Which products are affected by CVE-2026-48558?
How do I remediate CVE-2026-48558?
Dependency Blast Radius
Explore the affected products and dependency analysis for CVE-2026-48558
Is Your Infrastructure Affected by CVE-2026-48558?
EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.