GitHub PoC

FIRST EPSS

EPSS estimates the probability of exploitation in the next 30 days. Higher values indicate higher likelihood of real-world exploitation.

MITRE

CVSS

• Score: 9.5
• Severity: CRITICAL
• Vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

SSVC

• Exploitation: active
• Automatable: yes
• Technical Impact: total

References

• https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
• https://simple-help.com/security/simplehelp-security-update-2026-05
• https://simple-help.com/release-news

Show Raw Data

Key	Remaining Key	Value
dataType		CVE_RECORD
dataVersion		5.2
cveMetadata >	cveId	CVE-2026-48558
cveMetadata >	assignerOrgId	83251b91-4cc7-4094-a5c7-464a1b83ea10
cveMetadata >	state	PUBLISHED
cveMetadata >	assignerShortName	VulnCheck
cveMetadata >	dateReserved	2026-05-21T18:34:46.418Z
cveMetadata >	datePublished	2026-06-12T17:07:05.453Z
cveMetadata >	dateUpdated	2026-06-30T03:55:20.638Z
containers >	cna > providerMetadata > orgId	83251b91-4cc7-4094-a5c7-464a1b83ea10
containers >	cna > providerMetadata > shortName	VulnCheck
containers >	cna > providerMetadata > dateUpdated	2026-06-12T17:07:05.453Z
containers >	cna > title	SimpleHelp Authentication Bypass via Missing OIDC JWT Signature Verification
containers >	cna > descriptions > 0 > lang	en
containers >	cna > descriptions > 0 > value	SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
containers >	cna > datePublic	2026-05-26T00:00:00.000Z
containers >	cna > problemTypes > 0 > descriptions > 0 > lang	en
containers >	cna > problemTypes > 0 > descriptions > 0 > cweId	CWE-347
containers >	cna > problemTypes > 0 > descriptions > 0 > description	Improper Verification of Cryptographic Signature
containers >	cna > problemTypes > 0 > descriptions > 0 > type	CWE
containers >	cna > affected > 0 > defaultStatus	affected
containers >	cna > affected > 0 > vendor	SimpleHelp
containers >	cna > affected > 0 > product	SimpleHelp
containers >	cna > affected > 0 > versions > 0 > status	affected
containers >	cna > affected > 0 > versions > 0 > version	5.5.0
containers >	cna > affected > 0 > versions > 0 > versionType	semver
containers >	cna > affected > 0 > versions > 0 > lessThan	5.5.16
containers >	cna > affected > 0 > versions > 1 > status	affected
containers >	cna > affected > 0 > versions > 1 > version	6.0
containers >	cna > affected > 0 > versions > 1 > versionType	custom
containers >	cna > affected > 0 > versions > 1 > lessThan	6.0 RC2
containers >	cna > metrics > 0 > format	CVSS
containers >	cna > metrics > 0 > scenarios > 0 > lang	en
containers >	cna > metrics > 0 > scenarios > 0 > value	GENERAL
containers >	cna > metrics > 0 > cvssV4_0 > attackVector	NETWORK
containers >	cna > metrics > 0 > cvssV4_0 > attackComplexity	LOW
containers >	cna > metrics > 0 > cvssV4_0 > attackRequirements	PRESENT
containers >	cna > metrics > 0 > cvssV4_0 > privilegesRequired	NONE
containers >	cna > metrics > 0 > cvssV4_0 > userInteraction	NONE
containers >	cna > metrics > 0 > cvssV4_0 > vulnConfidentialityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > subConfidentialityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > vulnIntegrityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > subIntegrityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > vulnAvailabilityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > subAvailabilityImpact	HIGH
containers >	cna > metrics > 0 > cvssV4_0 > exploitMaturity	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > Safety	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > Automatable	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > Recovery	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > valueDensity	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > vulnerabilityResponseEffort	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > providerUrgency	NOT_DEFINED
containers >	cna > metrics > 0 > cvssV4_0 > version	4.0
containers >	cna > metrics > 0 > cvssV4_0 > baseSeverity	CRITICAL
containers >	cna > metrics > 0 > cvssV4_0 > baseScore	9.5
containers >	cna > metrics > 0 > cvssV4_0 > vectorString	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
containers >	cna > metrics > 1 > format	CVSS
containers >	cna > metrics > 1 > scenarios > 0 > lang	en
containers >	cna > metrics > 1 > scenarios > 0 > value	GENERAL
containers >	cna > metrics > 1 > cvssV3_1 > attackVector	NETWORK
containers >	cna > metrics > 1 > cvssV3_1 > attackComplexity	LOW
containers >	cna > metrics > 1 > cvssV3_1 > privilegesRequired	NONE
containers >	cna > metrics > 1 > cvssV3_1 > userInteraction	NONE
containers >	cna > metrics > 1 > cvssV3_1 > scope	CHANGED
containers >	cna > metrics > 1 > cvssV3_1 > confidentialityImpact	HIGH
containers >	cna > metrics > 1 > cvssV3_1 > integrityImpact	HIGH
containers >	cna > metrics > 1 > cvssV3_1 > availabilityImpact	HIGH
containers >	cna > metrics > 1 > cvssV3_1 > version	3.1
containers >	cna > metrics > 1 > cvssV3_1 > baseSeverity	CRITICAL
containers >	cna > metrics > 1 > cvssV3_1 > baseScore	10
containers >	cna > metrics > 1 > cvssV3_1 > vectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
containers >	cna > references > 0 > url	https://horizon3.ai/attack-research/disclosures/cve-2026-48558-simplehelp-authentication-bypass-iocs/
containers >	cna > references > 0 > tags > 0	technical-description
containers >	cna > references > 0 > tags > 1	exploit
containers >	cna > references > 1 > url	https://simple-help.com/security/simplehelp-security-update-2026-05
containers >	cna > references > 1 > tags > 0	vendor-advisory
containers >	cna > references > 2 > url	https://simple-help.com/release-news
containers >	cna > references > 2 > tags > 0	release-notes
containers >	cna > credits > 0 > lang	en
containers >	cna > credits > 0 > value	Zach Hanley (@hacks_zach) of Horizon3.ai
containers >	cna > credits > 0 > type	finder
containers >	cna > source > discovery	UNKNOWN
containers >	cna > x_generator > engine	vulncheck
containers >	adp > 0 > metrics > 0 > other > type	ssvc
containers >	adp > 0 > metrics > 0 > other > content > timestamp	2026-06-12T00:00:00+00:00
containers >	adp > 0 > metrics > 0 > other > content > options > 0 > Exploitation	active
containers >	adp > 0 > metrics > 0 > other > content > options > 1 > Automatable	yes
containers >	adp > 0 > metrics > 0 > other > content > options > 2 > Technical Impact	total
containers >	adp > 0 > metrics > 0 > other > content > role	CISA Coordinator
containers >	adp > 0 > metrics > 0 > other > content > version	2.0.3
containers >	adp > 0 > metrics > 0 > other > content > id	CVE-2026-48558
containers >	adp > 0 > references > 0 > url	https://blackpointcyber.com/blog/a-djinn-in-the-machine-taskweavers-node-js-intrusion-chain/
containers >	adp > 0 > references > 0 > tags > 0	third-party-advisory
containers >	adp > 0 > references > 1 > url	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2026-48558
containers >	adp > 0 > references > 1 > tags > 0	government-resource
containers >	adp > 0 > title	CISA ADP Vulnrichment
containers >	adp > 0 > providerMetadata > orgId	134c704f-9b21-4f2e-91b3-4a467353bcc0
containers >	adp > 0 > providerMetadata > shortName	CISA-ADP
containers >	adp > 0 > providerMetadata > dateUpdated	2026-06-30T03:55:20.638Z