CVE-2026-48558: Critical Authentication Bypass Vulnerability in SimpleHelp RMM Exploited for Credential Theft and Malware Delivery
CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software, caused by improper validation of OpenID Connect (OIDC) token signatures. When OIDC is configured with group-authenticated login settings, unauthenticated attackers can forge identity tokens to bypass multi-factor authentication and gain privileged technician-level access to vulnerable SimpleHelp servers — without valid credentials.