logo

CISA Adds Actively Exploited SimpleHelp Vulnerability to KEV Catalog

ID: e93e246a-af67-5498-8798-0dba5ac04ad5

STIX ID: report--e93e246a-af67-5498-8798-0dba5ac04ad5

Feed Name: GBHackers

Threat Score
88/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: Divya

...
...

CISA has added a critical SimpleHelp vulnerability (CVE-2026-48558) to its KEV catalog: improper verification of OIDC identity token signatures enables unauthenticated attackers to forge tokens, bypass authentication (and in some configurations MFA), and gain technician-level remote access; CISA directs immediate remediation under BOD 26‑04 with a short remediation window.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.