CVE- 2026-48558 is a critical authentication bypass vulnerability in SimpleHelp, affecting versions 5.5.0 and 6.0. Attackers exploit this flaw, which allows unauthenticated access to technician sessions by forging identity tokens. Blackpoint confirmed active exploitation in the wild, leading to the deployment of malware such as TaskWeaver and Djinn Stealer, which steal sensitive credentials. The CVSS score for this vulnerability is 10.0, indicating its severity.
SimpleHelp has released patches in versions 5.5.16 and 6.0 RC2, and users are urged to update immediately. Organizations are also advised to restrict access and monitor system logs for suspicious activity.