
SimpleHelp OIDC Bypass Lets Attackers Gain Technician Session and Deploy Malware
A critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software. The flaw allows unauthenticated attackers to forge identity tokens within SimpleHelp’s OpenID Connect (OIDC) authentication flow, granting them a fully authenticated technician session without valid credentials. Following Blackpoint’s disclosure, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-48558 to its Known Exploited […]
The post SimpleHelp OIDC Bypass Lets Attackers Gain Technician Session and Deploy Malware appeared first on Cyber Security News.