SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

A critical authentication bypass vulnerability (CVE-2026-48558) in SimpleHelp's remote monitoring and management tool allows unauthenticated attackers to create a Technician account and gain full access to managed endpoints. The flaw affects deployments using OpenID Connect authentication, even when multi-factor authentication is enforced.

A critical vulnerability CVE-2026-48558 in SimpleHelp, a popular remote monitoring and management RMM tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed endpoints, execute scripts, and more. Maliciously “forged” Technician account Source: Horizon3.ai The vulnerability CVE-2026-48558 is an authentication bypass flaw affecting SimpleHelp deployments configured to use OpenID Connect OIDC authentication. “Even when the SimpleHelp server is configured to enforce MFA for technicians, … More https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/ The post SimpleHelp RMM flaw could give attackers full access to managed endpoints CVE-2026-48558 https://www.helpnetsecurity.com/2026/06/16/simplehelp-rmm-cve-2026-48558/ appeared first on Help Net Security https://www.helpnetsecurity.com .