
H3-2026-0025

SimpleHelp OIDC Authentication Bypass Vulnerability

Category VULNERABILITY
Base Score 10.0

Description

This vulnerability was discovered by Horizon3.ai researchers and responsibly disclosed to SimpleHelp as a 0-day. H3-2026-0025 (CVE-2026-48558) is an authentication bypass vulnerability affecting SimpleHelp versions <= 5.5.15. A flaw in the OIDC authentication flow allows an unauthenticated attacker to bypass the intended authentication controls and obtain a fully authenticated technician session.
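The affected range above is the one concrete check an operator can run against an inventory of SimpleHelp servers. The following is an added example, not code from the advisory or from SimpleHelp, that parses a dotted version string numerically and reports whether it falls in the <= 5.5.15 range; it assumes plain dotted numeric versions such as "5.5.15" (an optional leading "v" is tolerated), and the helper names are this example's own.

```python
# Added example (not part of the Horizon3.ai advisory or SimpleHelp's code):
# decide whether a SimpleHelp server version falls in the affected range
# (<= 5.5.15). Assumes dotted numeric version strings like "5.5.15".
from __future__ import annotations

LAST_AFFECTED = (5, 5, 15)  # last affected release per the advisory


def parse_version(s: str) -> tuple[int, ...]:
    """Turn "5.5.15" (or "v5.5.15") into a tuple of ints for comparison.

    Comparing raw strings is a classic mistake: "5.5.9" > "5.5.15"
    lexicographically, so only the numeric tuple is safe to compare.
    """
    s = s.strip().lower().lstrip("v")
    parts = s.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    nums = tuple(int(p) for p in parts)
    # Pad short versions so "5.5" compares like "5.5.0".
    return nums + (0,) * (3 - len(nums)) if len(nums) < 3 else nums


def is_affected(version: str) -> bool:
    """True when the version is <= 5.5.15, the range named in the advisory."""
    return parse_version(version) <= LAST_AFFECTED


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    for v in ["5.5.15", "5.5.9", "5.5.16", "5.6.0", "5.4.10", "v5.5"]:
        state = "AFFECTED" if is_affected(v) else "not in range"
        print(f"{v:>8}: {state}")
```

Anything the check flags should be upgraded past 5.5.15; because anonymous logins are on by default, a server in range is exposed regardless of how carefully technician accounts are provisioned.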

Impact

An unauthenticated attacker obtains a fully authenticated technician session with the full permissions of the matched technician group, including remote desktop access, file transfer, and script execution on every managed endpoint registered to that group. Because anonymous logins are enabled by default for every technician group, no prior account provisioning is required. Enforcing MFA on the group does not block the attack: a new anonymous account is presented with the first-login MFA enrollment flow, which the attacker can complete with their own authenticator device.

References