TopVuln

High-risk vulnerability digests

CVE-2024-57726

  • CRITICAL
  • KEV

SimpleHelp Missing Authorization Vulnerability

Details

CVSS v3: 9.9
NVD published: 2025-01-15 23:15:09
CISA date: 2026-04-24
EPSS: 49.2% probability · 97.8th percentile — 2026-05-12
Affected versions: SimpleHelp remote support software versions prior to the fixed vendor release

Summary
This critical vulnerability allows low-privileged authenticated technicians to create overprivileged API keys in SimpleHelp. Attackers can exploit the missing authorization control to escalate privileges to full server administrator access. This flaw is confirmed to be actively exploited and has publicly available exploit details.
Remediation
Immediately apply the latest security update from SimpleHelp to patch this vulnerability. If patches cannot be deployed immediately, restrict network access to SimpleHelp instances to only trusted IP addresses. Follow BOD 22-01 guidance for known exploited vulnerability mitigation.
Exploit info
This exploit has been publicly disclosed, with references to this issue documented in trusted public vulnerability databases. You may check Exploit-DB or GitHub for potential exploit details.


Information is aggregated from multiple authoritative sources for convenience; verify with NVD and vendors before operational decisions.