ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2024-57726 as a SimpleHelp Missing Authorization Vulnerability, which could allow low-privileged technicians to create API keys with excessive permissions and escalate to the server admin role. The entry notes that Known To Be Used in Ransomware Campaigns? Unknown, and provides an action recommending mitigations per vendor instructions, guidance under cloud service policies, or discontinuation of use if mitigations are unavailable.
Date Added is 24 April 2026, with a Due Date of 8 May 2026. The KEV entry also references related CWE-862 and links to vendor security notes and the NVD entry for the CVE. This information is part of the KEV Catalog, which CISA maintains as the authoritative source of vulnerabilities exploited in the wild.