CVE-2026-48558

Published 12/06/2026 20:16 · Modified 12/06/2026 18:16 · Author: The MITRE Corporation

Essential information

Published: 12/06/2026 20:16
Modified: 12/06/2026 18:16
Author: The MITRE Corporation
Creator: The MITRE Corporation
CVSS: 10.0 CRITICAL (v3.1), 9.5 CRITICAL (v4.0)
CISA KEV: No
CWE: CWE-347
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Description

SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.

NVD status

Status: Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source: [email protected]

Affected products (CPE)

Product | CPE
simplehelp / simplehelp | cpe:2.3:a:simplehelp:simplehelp:5.5.15:*:*:*:*:*:*:*
simplehelp / simplehelp | cpe:2.3:a:simplehelp:simplehelp:<5.5.15:*:*:*:*:*:*:*
simplehelp / simplehelp | cpe:2.3:a:simplehelp:simplehelp:6.0:pre-release:*:*:*:*:*:*

References