logo

CVE-2026-48558: SimpleHelp OIDC Auth Bypass Used to Deploy Infostealer Payloads

ID: 322cc467-9614-5623-b57a-3ba379502278

STIX ID: report--322cc467-9614-5623-b57a-3ba379502278

Feed Name: SOCRadar Blog

Threat Score
80/100

Date Published: 2026-06-30

Date Updated: 2026-07-02

Author: ameer

...
...

CVE-2026-48558 is a critical OIDC authentication bypass in SimpleHelp that allows attackers to forge identity tokens and obtain technician sessions; active exploitation has been observed delivering infostealers (Djinn Stealer) via an obfuscated Node.js loader (TaskWeaver). The report lists affected versions (5.5.1–5.5.15, pre-6.0 builds prior to 6.0 RC2), recommended upgrades (5.5.16+, 6.0 RC2+/public 6.0+), mitigation/hunt steps, and notes CISA added the vulnerability to the KEV catalog with a July 2, 2026 remediation deadline.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.