SimpleHelp remote management software privileged technician account creation security flaw (CVE-2026-48558)
Vulnerability
Summary
A critical vulnerability, CVE-2026-48558, in SimpleHelp remote management software lets unauthenticated attackers create privileged Technician accounts when OIDC is enabled, putting remote administration access at risk. The flaw affects versions 5.5.15 and older and 6.0 pre-release versions. SimpleHelp released 5.5.16 and 6.0RC2 on June 9 to fix the issue. No evidence of active exploitation was reported.
Timeline
- 15.06.2026 23:06
SimpleHelp releases fixes for CVE-2026-48558
Mitigation Patch Update: SimpleHelp released versions 5.5.16 and 6.0RC2 to fix CVE-2026-48558, a critical flaw in the SimpleHelp remote management software that affected versions 5.5.15 and older and 6.0 pre-release versions. Organizations unable to update were advised to restrict technician login sources using IP-based allowlists.
Sources:
- SimpleHelp bug lets hackers create rogue remote support accounts — www.bleepingcomputer.com — 15.06.2026 23:06
- 15.06.2026 23:06
Horizon3.ai details a SimpleHelp OIDC flaw that creates privileged Technician accounts
Initial Disclosure: Horizon3.ai described CVE-2026-48558 in SimpleHelp remote management software as a critical issue that lets unauthenticated attackers create and log in as privileged Technician users when OIDC authentication is enabled, bypassing MFA. The flaw affects SimpleHelp 5.5.15 and older and 6.0 pre-release versions, and the researchers said there was no evidence of active exploitation.
Sources:
- SimpleHelp bug lets hackers create rogue remote support accounts — www.bleepingcomputer.com — 15.06.2026 23:06