
SimpleHelp security update for CVE-2026-48558

Security Patch Release
H score 65
1 unique source, 1 article

Summary


SimpleHelp released 5.5.16 and 6.0RC2 on June 9 to fix CVE-2026-48558, a critical OIDC authentication flaw that could let unauthenticated attackers create privileged Technician accounts. The update matters for deployments that rely on OIDC because the bug could bypass MFA and grant remote-management access. The patch narrows exposure for affected SimpleHelp 5.5.15 and older installations and 6.0 pre-release builds.

Related Happenings

LiteSpeed cPanel user-end plugin urgent security update (CVE-2026-48172)

Security Patch Release
H score 55 · First: 27.05.2026 13:06 · Last: 27.05.2026 13:06 · Sources: 1

About this happening: LiteSpeed released **urgent security updates** for the **cPanel user-end plugin** after **CVE-2026-48172** was found to be **actively exploited**, reducing exposure for systems ru...

TrendAI Trend Micro’s enterprise business security patch release for CVE-2026-34926

Security Patch Release
H score 45 · First: 22.05.2026 11:19 · Last: 22.05.2026 11:19 · Sources: 1

About this happening: **TrendAI** released **Apex One** security updates after confirming a **zero-day** had been **exploited in the wild**, leaving **on-premises installations** at risk until patched....

Cisco Secure Workload REST API patch release (CVE-2026-20223)

Security Patch Release
H score 55 · First: 22.05.2026 08:36 · Last: 22.05.2026 08:36 · Sources: 1

About this happening: Cisco patched **CVE-2026-20223**, a **CVSS 10.0** Secure Workload REST API flaw that could expose sensitive data and allow configuration changes across tenant boundaries. The upda...

Linux kernel Dirty Frag patch release (CVE-2026-43284, CVE-2026-43500)

Security Patch Release
H score 49 · First: 11.05.2026 17:30 · Last: 11.05.2026 17:30 · Sources: 1

About this happening: **Major Linux distributions** are rolling out fixes for **Dirty Frag**, the **Linux kernel** patch release that covers **CVE-2026-43284** and **CVE-2026-43500**. The update matter...

cPanel security patch release for CVE-2026-29201

Security Patch Release
H score 46 · First: 09.05.2026 10:16 · Last: 09.05.2026 10:16 · Sources: 1

About this happening: **cPanel** released updates for **cPanel and Web Host Manager (WHM)** to fix **three vulnerabilities** that could enable **privilege escalation**, **code execution**, or **denial-...

Timeline

  1. 15.06.2026 23:06 · 2 articles

    SimpleHelp releases 5.5.16 and 6.0RC2 to fix CVE-2026-48558

    Mitigation Patch Update

    SimpleHelp released versions 5.5.16 and 6.0RC2 on June 9 to fix CVE-2026-48558, a critical OIDC authentication flaw affecting SimpleHelp 5.5.15 and older plus 6.0 pre-release versions. The update closes a path where an unauthenticated attacker could create a privileged Technician account without MFA on deployments that use OIDC.

  2. 15.06.2026 23:06 · 1 article

    Horizon3.ai details an OIDC flaw in SimpleHelp Technician account creation

    Technical Analysis Update

    Horizon3.ai says CVE-2026-48558 stems from improper validation of identity assertions from an OIDC IdP in SimpleHelp, and that exploitation requires OIDC authentication plus Technician Group settings that allow group authenticated logins. The researchers say the issue can let an unauthenticated attacker create and log in as a Technician with privileged management access, while SimpleHelp and Horizon3.ai report no evidence of active exploitation.
