
Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens

4d ago · 1 min read · en · News

Summary

A critical vulnerability (CVE-2026-48558) with a CVSS score of 10 has been discovered in SimpleHelp's OpenID Connect (OIDC) authentication flow. The flaw lets attackers bypass signature verification of identity tokens, so forged tokens can be used to log in. A remote attacker who can reach an internet-facing SimpleHelp server can then transfer files and execute commands across managed systems. Observed attacks involve TaskWeaver (a Node.js loader), which performs system fingerprinting and deploys encrypted JavaScript payloads, and Djinn Stealer, which exfiltrates developer secrets including cloud credentials.
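The bug class described above, as an added Node.js example that is not SimpleHelp's code and not taken from the advisory: a login check that only decodes an ID token beside one that verifies the signature before trusting any claim. The issuer URL, audience, key pair, claim values and function names are all constructed assumptions; the page does not describe the product's actual code path.

```javascript
const crypto = require("node:crypto");

const b64u = (v) => Buffer.from(v).toString("base64url");
const parse = (seg) => JSON.parse(Buffer.from(seg, "base64url").toString("utf8"));

// Constructed identity-provider key pair and expected values (all assumptions).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const ISSUER = "https://idp.example.test";
const AUDIENCE = "rmm-console";

// Plays the identity provider: issues an RS256-signed ID token.
function issueIdToken(claims, key = privateKey) {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), key).toString("base64url")}`;
}

// Weak pattern: decodes the payload and trusts it; the signature is never checked.
function loginDecodeOnly(token) {
  const claims = parse(token.split(".")[1]);
  return claims.iss === ISSUER ? claims.sub : null;
}

// Hardened: pin the algorithm, verify against the IdP key, then check the claims.
function loginVerified(token, idpKey = publicKey, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const [h, p, s] = parts;
    if (parse(h).alg !== "RS256") return null; // the token must not pick its own algorithm
    const ok = crypto.verify("sha256", Buffer.from(`${h}.${p}`), idpKey, Buffer.from(s, "base64url"));
    if (!ok) return null;
    const c = parse(p);
    const audOk = Array.isArray(c.aud) ? c.aud.includes(AUDIENCE) : c.aud === AUDIENCE;
    if (c.iss !== ISSUER || !audOk || typeof c.exp !== "number" || c.exp <= now) return null;
    return typeof c.sub === "string" ? c.sub : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed samples: a genuine token, and one whose payload was changed after signing.
const claims = { iss: ISSUER, aud: AUDIENCE, sub: "tech-alice", exp: Math.floor(Date.now() / 1000) + 300 };
const genuine = issueIdToken(claims);
const [hdr, , sig] = genuine.split(".");
const tampered = `${hdr}.${b64u(JSON.stringify({ ...claims, sub: "tech-admin" }))}.${sig}`;

console.log("decode-only:", loginDecodeOnly(genuine), loginDecodeOnly(tampered));
console.log("verified:   ", loginVerified(genuine), loginVerified(tampered));
```

In production the verification key comes from the identity provider's published JWKS, selected by the token's `kid`, and a maintained OIDC library should do this work rather than hand-written code.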

Source

bsky · Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens · briefly.co

Key quotes

CVE-2026-48558 has a CVSS score of 10 and targets SimpleHelp's OpenID Connect authentication flow.
When OIDC is configured, the application fails to verify identity token cryptographic signatures, enabling forged tokens to be submitted during login.
A remote attacker can access an internet-facing SimpleHelp server to transfer files and execute commands across all managed systems.
In observed activity, TaskWeaver (a Node.js loader) performed system fingerprinting and deployed an encrypted JavaScript payload with full Node.js access.
Djinn Stealer exfiltrated developer secrets including cloud credentials.
Snippet from the RSS feed
CVE-2026-48558 lets attackers forge OIDC identity tokens to gain fully authenticated technician sessions in SimpleHelp RMM, enabling file transfer, command execution, and malware deployment.
