{"slug": "simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve", "title": "SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)", "summary": "A critical authentication bypass vulnerability (CVE-2026-48558) in SimpleHelp's remote monitoring and management tool allows unauthenticated attackers to create a Technician account and gain full access to managed endpoints. The flaw affects deployments using OpenID Connect authentication, even when multi-factor authentication is enforced.", "body_md": "A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts, and more. Maliciously “forged” Technician account (Source: Horizon3.ai) The vulnerability CVE-2026-48558 is an authentication bypass flaw affecting SimpleHelp deployments configured to use OpenID Connect (OIDC) authentication. “Even when the SimpleHelp server is configured to enforce MFA for technicians, … [More ](https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/)\n\nThe post [SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)](https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/) appeared first on [Help Net Security](https://www.helpnetsecurity.com).", "url": "https://wpnews.pro/news/simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve", "canonical_source": "https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/", "published_at": "2026-06-16 13:33:52+00:00", "updated_at": "2026-06-16 13:51:43.652762+00:00", "lang": "en", "topics": ["ai-safety"], "entities": ["SimpleHelp", "Horizon3.ai", "Help Net Security"], "alternates": {"html": "https://wpnews.pro/news/simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve", "markdown": "https://wpnews.pro/news/simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve.md", "text": "https://wpnews.pro/news/simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve.txt", "jsonld": "https://wpnews.pro/news/simplehelp-rmm-flaw-could-give-attackers-full-access-to-managed-endpoints-cve.jsonld"}}