ACCORDING to CISA, CVE-2024-57728 is listed in the Known Exploited Vulnerabilities Catalog for SimpleHelp, described as a Path Traversal Vulnerability. SimpleHelp allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (zip slip), which can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. The entry notes a related CWE of 22 and that it is currently Unknown whether it has been used in ransomware campaigns.
Action recommended includes applying mitigations per vendor instructions, following applicable guidance for cloud services, or discontinuing use of the product if mitigations are unavailable. The record shows Date Added as 24 April 2026 and Due Date as 08 May 2026.