CISA added CVE-2026-48558, a critical authentication bypass in SimpleHelp Remote Monitoring and Management software, to its Known Exploited Vulnerabilities catalog with a July 2, 2026 remediation deadline. The bug carries a CVSS score of 10.0 and is already being used in the wild to deploy a previously undocumented infostealer, Djinn Stealer, via a loader called TaskWeaver.
The bug
SimpleHelp supports OpenID Connect (OIDC) as a login option for its Technician console. The server accepts identity tokens (ID Tokens / JWTs) presented during that flow but does not validate the token’s cryptographic signature. An attacker who can reach the login endpoint can forge a JWT with arbitrary identity claims — including group membership — and hand it to the server as if it came from a legitimate OIDC provider. SimpleHelp accepts it and issues a fully authenticated Technician session, no credentials or MFA required.
Three conditions have to be true for a given deployment to be exploitable: OIDC authentication is enabled, at least one OIDC provider is configured, and a Technician group has “Allow group authenticated logins” turned on for that provider. That’s a common configuration for MSPs and IT help desks that federate SimpleHelp login to an existing identity provider for convenience — exactly the deployments most exposed to the internet.
Affected: SimpleHelp 5.5.15 and earlier, plus all 6.0 pre-release builds. Fixed in 5.5.16 and 6.0 RC2, both released in late May 2026.
Technician accounts are privileged by default — they can remote into any managed endpoint and push scripts through the RMM’s built-in execution channel, which is the same mechanism legitimate support sessions use. A forged login is indistinguishable from a real one at the network level.
The payload: TaskWeaver + Djinn Stealer
Blackpoint Cyber, investigating an intrusion, found attackers exploiting CVE-2026-48558 against an internet-facing SimpleHelp server to establish a Technician session, then using it to drop TaskWeaver, a Node.js-based loader, which in turn deploys Djinn Stealer — a cross-platform (Windows, macOS, Linux) credential harvester.
Djinn Stealer’s target list is notably developer-centric: cloud platform credentials, source-control sessions, package-registry tokens, infrastructure-as-code secrets, browser-stored credentials, SSH keys, cryptocurrency wallets, and — unusually — local configuration and Model Context Protocol (MCP) files for AI coding assistants including Claude, Gemini, Codex, Cline, OpenCode, and Kilo. Before exfiltration, collected data is packed into a TAR archive, GZIP-compressed, and encrypted with an AES-256-GCM key wrapped in an RSA-2048 public key embedded in the TaskWeaver binary, then sent to a C2 server.
Impact
The immediate victim is whoever runs the exposed SimpleHelp server — but the real damage lands downstream. A stolen cloud API key, package-registry publishing token, source-control session, or SSH key survives independently of the compromised RMM box. An attacker holding one of those can re-enter an environment through a trusted channel days or weeks later, tamper with software before it ships, reach production data, or pivot into an MSP’s customer tenants — all without touching SimpleHelp again. Given SimpleHelp’s install base among MSPs managing hundreds of downstream endpoints per server, a single successful exploitation can cascade the same way January 2025’s SimpleHelp path-traversal chain did with DragonForce ransomware.
Mitigation
- Upgrade immediately to SimpleHelp 5.5.16 (5.x branch) or 6.0 RC2 (6.x branch). There is no workaround short of disabling OIDC login entirely.
- If OIDC can’t be patched immediately, disable “Allow group authenticated logins” on Technician groups, or disable OIDC login as an auth method until you’ve upgraded.
- Take internet-facing SimpleHelp consoles offline if remote technician access isn’t a hard requirement — this bug, like the January 2025 chain, is only reachable because instances are routinely exposed for convenience.
- Hunt for indicators: unexpected Technician accounts or sessions you didn’t provision, TaskWeaver/Node.js processes spawned from the SimpleHelp service account, outbound connections to unfamiliar C2 infrastructure, and TAR/GZIP artifacts staged for exfiltration. Horizon3.ai and Blackpoint have published IOCs.
- Treat any secrets accessible from an affected host as burned: rotate cloud keys, package-registry tokens, source-control sessions, SSH keys, and any AI-assistant MCP configuration that could have been read by Djinn Stealer. Assume persistence was established independent of the SimpleHelp server itself.
References
- CISA Known Exploited Vulnerabilities Catalog
- Horizon3.ai — CVE-2026-48558: SimpleHelp OIDC Auth Bypass IOCs
- Help Net Security — SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer
- The Hacker News — Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
- BleepingComputer — Hackers exploit critical SimpleHelp flaw, deploy new Djinn infostealer, TaskWeaver malware
- Arctic Wolf — CVE-2026-48558 Critical Authentication Bypass in SimpleHelp RMM