CVE-2026-48558: SimpleHelp OIDC Auth Bypass Used to Deploy Infostealer Payloads
ID: 322cc467-9614-5623-b57a-3ba379502278
STIX ID: report--322cc467-9614-5623-b57a-3ba379502278
Feed Name: SOCRadar Blog
CVE-2026-48558 is a critical OIDC authentication bypass in SimpleHelp that allows attackers to forge identity tokens and obtain technician sessions; active exploitation has been observed delivering infostealers (Djinn Stealer) via an obfuscated Node.js loader (TaskWeaver). The report lists affected versions (5.5.1–5.5.15, pre-6.0 builds prior to 6.0 RC2), recommended upgrades (5.5.16+, 6.0 RC2+/public 6.0+), mitigation/hunt steps, and notes CISA added the vulnerability to the KEV catalog with a July 2, 2026 remediation deadline.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
