CISA has added CVE-2024-57726 to its Known Exploited Vulnerabilities (KEV) catalogue. The flaw, tracked as the SimpleHelp Missing Authorization Vulnerability, affects the SimpleHelp remote-support platform. It allows a low-privileged technician to create API keys with excessive permissions, which can then be used to escalate privileges to the server-admin role. The issue exists in SimpleHelp versions 5.5.7 and earlier.
The vulnerability is a missing authorization check in the SimpleHelp API that permits authenticated low-privileged users to generate API keys with elevated scopes. Exploitation requires network access to the SimpleHelp service and valid technician credentials; no user interaction is needed. Once obtained, such API keys grant the attacker the same privileges as a server administrator, enabling full control of the SimpleHelp server, potential data exfiltration and lateral movement within managed environments.
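The bug class described above, as an added illustration (not SimpleHelp's code; the role names, scope strings and function names are hypothetical): an API-key issuance routine that honours whatever scopes the caller requests, beside a hardened form that refuses to mint a key carrying more privilege than its creator holds, plus a check against the affected version range stated in the advisory.

```python
from dataclasses import dataclass

# Constructed role model for illustration only; not SimpleHelp's real scopes.
ROLE_SCOPES = {
    "technician": frozenset({"session:join", "session:view"}),
    "server_admin": frozenset({"session:join", "session:view",
                               "config:write", "users:manage"}),
}


class AuthorizationError(Exception):
    pass


@dataclass(frozen=True)
class ApiKey:
    owner: str
    scopes: frozenset


def create_api_key_vulnerable(caller_role, owner, requested):
    """Models the missing-authorization flaw: requested scopes are granted
    without checking that the caller may hold them, so a technician can
    mint a key carrying server-admin scopes."""
    return ApiKey(owner=owner, scopes=frozenset(requested))


def create_api_key_fixed(caller_role, owner, requested):
    """Hardened form: a key may never carry scopes its creator lacks.
    Unknown roles and unknown scope names are rejected outright."""
    allowed = ROLE_SCOPES.get(caller_role)
    if allowed is None:
        raise AuthorizationError(f"unknown role {caller_role!r}")
    requested = frozenset(requested)
    excess = requested - allowed
    if excess:
        raise AuthorizationError(f"scopes not held by caller: {sorted(excess)}")
    return ApiKey(owner=owner, scopes=requested)


def fixed_rejects(caller_role, requested):
    """True when the hardened routine refuses the request (used for checks)."""
    try:
        create_api_key_fixed(caller_role, "probe", requested)
    except AuthorizationError:
        return True
    return False


def is_affected_version(version):
    """Advisory: 5.5.7 and earlier are affected; 5.5.8 carries the fix."""
    return tuple(int(p) for p in version.split(".")) <= (5, 5, 7)
```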
The flaw carries a CVSS v3.1 base score of 9.9, rating it Critical. A security patch is available from the vendor, first included in SimpleHelp version 5.5.8.
Inclusion in the KEV catalogue means CISA has confirmed that the vulnerability is being actively exploited in the wild. No public reports link this flaw to ransomware campaigns at this time. Federal agencies must apply mitigations by the remediation due date of 8 May 2026.
CISA requires that affected Federal Civilian Executive Branch (FCEB) agencies apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. All other organisations should review their exposure to SimpleHelp, prioritise installing the available patch (version 5.5.8 or later) or implementing the vendor's mitigations, and monitor for signs of compromise.
Full details are available in the NVD entry at https://nvd.nist.gov/vuln/detail/CVE-2024-57726 and the CISA KEV catalogue.