A vulnerability in the SimpleHelp remote management software allows unauthenticated attackers to create privileged technician accounts on servers using the OpenID Connect (OIDC) authentication protocol.
The flaw is tracked as CVE-2026-48558 and received a critical severity rating. It impacts SimpleHelp versions 5.5.15 and older, as well as 6.0 pre-release versions.
Researchers at offensive security company Horizon3.ai explain that the issue stems from insufficient validation of the identity assertions (ID tokens) that the server receives from an OIDC identity provider (IdP).
When OIDC authentication is enabled, an unauthenticated attacker can create and log in as a new Technician user without needing to go through the multi-factor authentication (MFA) process.
"This Technician, by default, can perform privileged management activities such as remoting into managed endpoints, executing scripts, and more," Horizon3.ai researcher Zach Hanley explains.
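The checks a relying party has to perform before it acts on an OIDC identity assertion, as an added illustration of the bug class the advisory describes. This is not SimpleHelp's code and does not claim to reproduce this CVE's exact root cause. To run offline with only the standard library it signs with HS256 under a constructed shared secret; production IdPs sign with RS256/ES256 and publish keys via JWKS, so a real server should use a vetted OIDC library. The issuer, client_id, nonce, subjects and the technician registry are all constructed.

```python
# Added example (not SimpleHelp's code, not this CVE's exact root cause):
# what an OIDC relying party must verify before trusting an ID token, next to the
# unchecked anti-pattern. HS256 with a constructed secret keeps it stdlib-only;
# real IdPs use RS256/ES256 with keys fetched from a JWKS endpoint.
import base64
import hashlib
import hmac
import json

IDP_KEY = b"constructed-demo-secret"   # constructed; stands in for the IdP signing key
ISSUER = "https://idp.example"         # constructed issuer
CLIENT_ID = "rmm-server"               # constructed relying-party client_id
NONCE = "n-0S6_WzA2Mj"                 # constructed; bound to the login session
NOW = 1_700_000_000                    # fixed clock so results are reproducible


class InvalidToken(Exception):
    pass


def _b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_token(claims, key, alg="HS256"):
    """Build a compact JWS. alg='none' yields an unsigned token anyone can mint."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    if alg == "none":
        sig = ""
    elif alg == "HS256":
        sig = _b64url_encode(hmac.new(key, signing_input, hashlib.sha256).digest())
    else:
        raise ValueError("unsupported alg")
    return f"{header}.{payload}.{sig}"


def trust_assertion_unchecked(token):
    """Anti-pattern: decode the claims and act on them. Nothing here proves the
    token came from the IdP, so an attacker can assert any subject they like."""
    _, payload, _ = token.split(".")
    return json.loads(_b64url_decode(payload))


def validate_id_token(token, key, issuer, client_id, nonce, now, leeway=60):
    """ID token checks from OpenID Connect Core 1.0 section 3.1.3.7, in order."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # 1. Pin the algorithm; never let the token choose it ("none", key confusion).
    if header.get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    # 2. Verify the signature before interpreting a single claim.
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # 3. Issuer, audience, lifetime, nonce and subject.
    if claims.get("iss") != issuer:
        raise InvalidToken("wrong issuer")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise InvalidToken("token not issued for this client")
    if not isinstance(claims.get("exp"), (int, float)) or now > claims["exp"] + leeway:
        raise InvalidToken("expired")
    if claims.get("nonce") != nonce:
        raise InvalidToken("nonce mismatch (possible replay)")
    if not claims.get("sub"):
        raise InvalidToken("missing subject")
    return claims


# Constructed local registry: privileged roles go to pre-registered subjects only.
# A verified token never creates a new technician account by itself.
TECHNICIAN_REGISTRY = {"idp-user-1042": "technician"}


def resolve_account(claims):
    role = TECHNICIAN_REGISTRY.get(claims["sub"])
    if role is None:
        raise InvalidToken("unknown subject; refusing just-in-time privileged account")
    return {"sub": claims["sub"], "role": role}


def rejection_reason(token):
    """None if the strict path accepts the token, otherwise why it was refused."""
    try:
        resolve_account(validate_id_token(token, IDP_KEY, ISSUER, CLIENT_ID, NONCE, NOW))
        return None
    except InvalidToken as exc:
        return str(exc)


def _claims(sub, **override):
    base = {"iss": ISSUER, "sub": sub, "aud": CLIENT_ID, "exp": NOW + 300,
            "iat": NOW, "nonce": NONCE}
    base.update(override)
    return base


GENUINE = mint_token(_claims("idp-user-1042"), IDP_KEY)                     # from the IdP
FORGED_UNSIGNED = mint_token(_claims("new-technician"), None, alg="none")  # attacker, no key
FORGED_OWN_KEY = mint_token(_claims("new-technician"), b"attacker-key")    # attacker, own key
WRONG_AUDIENCE = mint_token(_claims("idp-user-1042", aud="other-app"), IDP_KEY)
UNREGISTERED = mint_token(_claims("idp-user-7"), IDP_KEY)

if __name__ == "__main__":
    print("unchecked path grants:", trust_assertion_unchecked(FORGED_UNSIGNED)["sub"])
    for name in ("GENUINE", "FORGED_UNSIGNED", "FORGED_OWN_KEY", "WRONG_AUDIENCE", "UNREGISTERED"):
        print(f"{name}: {rejection_reason(globals()[name]) or 'accepted'}")
```

The two paths differ in exactly the way the advisory's impact statement implies: `trust_assertion_unchecked` hands back whatever subject the bearer wrote into the token, so an unauthenticated client minting its own assertion ends up as a brand-new user, while the strict path rejects it at the first check and, even for a genuinely signed token, only maps the subject to an account that an administrator registered in advance. MFA enforced at the IdP is only worth anything if the relying party proves the token actually came from that IdP.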