CVE-2026-48558 is a critical vulnerability in SimpleHelp, a remote monitoring and management platform, that allows authentication bypass and potential deployment of infostealer payloads. The flaw arises from improper verification of cryptographic signatures for OpenID Connect (OIDC) during technician logins, and particularly affects versions 5.5.1 to 5.5.15 and pre-release versions of 6.0. Active exploitation has been confirmed and is linked to an intrusion chain that uses a tool called Djinn Stealer to steal credentials and tokens.
CISA has prioritized this issue, requiring immediate patching and risk mitigation, including restrictions on technician login and credential hygiene to protect against downstream attacks.