The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical authentication bypass vulnerability, tracked as CVE-2026-48558, to its Known Exploited Vulnerabilities catalog. This flaw affects SimpleHelp versions 5.5.15 and earlier, as well as 6.0 pre-release versions, allowing attackers to forge authentication tokens and gain unauthorized access to technician sessions.
Discovered by Zach Hanley from Horizon3.ai, the vulnerability poses significant risks to organizations using SimpleHelp for remote support and can potentially allow lateral movement within networks. CISA has mandated that federal agencies address this vulnerability by July 2, 2026, and recommends that private organizations also review and mitigate the risk.