Critical SimpleHelp Vulnerability (CVE-2026-48558) Enables Malware Delivery via Forged Authentication Tokens
Summary
A critical vulnerability (CVE-2026-48558) with a CVSS score of 10 has been discovered in SimpleHelp's OpenID Connect authentication flow. The flaw allows attackers to bypass signature verification of identity tokens and log in with forged tokens. Remote attackers can access internet-facing SimpleHelp servers to transfer files and execute commands across managed systems. Observed attacks involve TaskWeaver (a Node.js loader) performing system fingerprinting and deploying encrypted JavaScript payloads, along with Djinn Stealer exfiltrating developer secrets including cloud credentials.
Key quotes
CVE-2026-48558 has a CVSS score of 10 and targets SimpleHelp's OpenID Connect authentication flow.
When OIDC is configured, the application fails to verify identity token cryptographic signatures, enabling forged tokens to be submitted during login.
A remote attacker can access an internet-facing SimpleHelp server to transfer files and execute commands across all managed systems.
In observed activity, TaskWeaver (a Node.js loader) performed system fingerprinting and deployed an encrypted JavaScript payload with full Node.js access.
Djinn Stealer exfiltrated developer secrets including cloud credentials.
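The control whose absence the summary describes, as an added example (not SimpleHelp's code and not taken from the advisory): a relying party pins the algorithm and checks the ID token's signature against the identity provider's key before it reads any claim. The issuer URL, client ID, keys and tokens are constructed for the demonstration.

```javascript
const crypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');

// Constructed helper: mint an RS256 token so the example runs offline.
function signToken(claims, privateKey) {
  const input = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' })) + '.' + b64u(JSON.stringify(claims));
  return input + '.' + crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url');
}

// Relying-party check: returns the verified claims or throws.
function verifyIdToken(token, idpPublicKey, expected, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString());
  // Pin the algorithm; the token header must not choose it (this also rejects "none").
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(h + '.' + p), idpPublicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  // Claims are parsed only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString());
  if (claims.iss !== expected.issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  return claims;
}

function check(token, key, expected, now) {
  try { verifyIdToken(token, key, expected, now); return 'accepted'; }
  catch (e) { return 'rejected: ' + e.message; }
}

// Constructed sample data: one trusted IdP key, one unrelated key, four test tokens.
function demo() {
  const idp = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const other = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const expected = { issuer: 'https://idp.example', clientId: 'remote-support' };
  const NOW = 1700000000;
  const claims = { iss: expected.issuer, aud: expected.clientId, sub: 'tech-1', exp: NOW + 300 };
  const good = signToken(claims, idp.privateKey);
  const [gh, , gs] = good.split('.');
  const tampered = [gh, b64u(JSON.stringify({ ...claims, sub: 'admin' })), gs].join('.');
  const unsigned = b64u(JSON.stringify({ alg: 'none' })) + '.' + b64u(JSON.stringify(claims)) + '.';
  const run = (t, now = NOW) => check(t, idp.publicKey, expected, now);
  return { good: run(good), tampered: run(tampered), foreign: run(signToken(claims, other.privateKey)),
           unsigned: run(unsigned), expired: run(good, NOW + 600) };
}

console.log(demo());
```

Only the token signed by the trusted key, with matching issuer and audience and an unexpired `exp`, is accepted; every other case fails before any claim is trusted.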