Simple Help Simplehelp
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Simple Help Simplehelp.
By the Year
In 2026 there have been 1 vulnerability in Simple Help Simplehelp with an average score of 10.0 out of ten. Last year, in 2025 Simplehelp had 3 security vulnerabilities published. Right now, Simplehelp is on track to have less security vulnerabilities in 2026 than it did last year. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.27.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 1 | 10.00 |
| 2025 | 3 | 8.73 |
It may take a day or so for new Simplehelp vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Simple Help Simplehelp Security Vulnerabilities
SimpleHelp <5.5.16 / 6.0 pre RC2 OIDC Auth Bypass
CVE-2026-48558
10 - Critical
- June 12, 2026
SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic signature. In a vulnerable configuration, a remote, unauthenticated attacker can submit a forged token containing arbitrary identity claims to obtain a fully authenticated technician session. In some configurations, this may also allow bypass of multi-factor authentication. No user interaction is required.
Improper Verification of Cryptographic Signature
SimpleHelp v5.5.7-5.5.7 Arbitrary File Upload via Zip Slip (RCE)
CVE-2024-57728
7.2 - High
- January 15, 2025
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Directory traversal
SimpleHelp v5.5.7 Unauthenticated Path Traversal Remote File Retrieval
CVE-2024-57727
9.1 - Critical
- January 15, 2025
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.
Directory traversal
SimpleHelp v5.5.7- earlier: privilege escalation via overprivileged API keys
CVE-2024-57726
9.9 - Critical
- January 15, 2025
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Simple Help Simplehelp or by Simple Help? Click the Watch button to subscribe.