Attackers Exploit SimpleHelp CVE-2026-48558 to Deploy TaskWeaver and Djinn Stealer
Threat actors are exploiting a critical vulnerability in SimpleHelp remote support software to deploy TaskWeaver and the Djinn Stealer information stealer, according to new analysis from security firm Blackpoint Cyber. The intrusion involves the exploitation of CVE-2026-48558 (CVSS score: 10.0), a critical authentication bypass in the software’s OpenID Connect (OIDC) flow that an unauthenticated attacker can use to obtain a fully authenticated “Technician” session by submitting a forged token containing arbitrary identity claims. Active exploitation has prompted the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add the flaw to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 2, 2026. The report’s warning for anyone cleaning up after such an intrusion: “Credentials accessible from a developer or administrator workstation may provide entry into production infrastructure, build pipelines, source code repositories, deployment platforms, cloud tenants, and customer environments long after the original endpoint has been contained.”
The Vulnerability
New analysis from Blackpoint Cyber found that an attacker exploited the flaw, tracked as CVE-2026-48558, to obtain a trusted Technician session on an internet-facing SimpleHelp server. In the attack chain Blackpoint documented, successful exploitation of the flaw in the Remote Monitoring and Management (RMM) software gave the threat actor an authenticated “Technician” session on the publicly accessible server, which was then abused to deploy TaskWeaver and Djinn Stealer.
The vulnerability was discovered by Horizon3.ai, which said it affects servers configured to use either generic OIDC or Azure AD OIDC and that it stems from the manner in which SimpleHelp validates the IdP assertions. “This Technician, by default, can perform privileged management activities such as remoting into managed endpoints, executing scripts, and more.” Multi-factor authentication on the server does not stop the attacker: “Even when the SimpleHelp server is configured to enforce MFA for technicians, this issue allows the attacker to bypass this mechanism because on first login, technicians can self-register their own MFA method.”
“The observed second stage payload, Djinn Stealer, targets Windows, macOS, and Linux systems.” Djinn Stealer is designed to harvest credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets.
Technical Details
The breadth of the information targeted by the stealer is as follows:
- Credentials, history, and bookmarks stored in web browsers
- Configuration and authentication data associated with AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, Okta, Cloudflare, DigitalOcean, Linode, Heroku, Vercel, Railway, Supabase, Pulumi, Terraform, HashiCorp Vault, and Consul
- GitHub CLI data
- Git configuration
- SSH keys
- Docker authentication
- Helm registry information
- S3 and MinIO client configurations
- Subversion credentials
- Credentials for npm, pnpm, Yarn, NuGet, Cargo, Composer, Maven, Gradle, pip, PyPI, Conda, Bun, Ivy, and Scala Build Tool
- Configuration, authentication, session, and project data associated with Anthropic Claude, Google Gemini, OpenAI Codex, Cline, OpenCode, and Kilo
- Cryptocurrency wallets and keystores associated with Bitcoin, Litecoin, Dogecoin, Dash, Ethereum, Monero, Zcash, Exodus, Atomic Wallet, and Electrum
On Linux systems, the malware also attempts to read the “/proc/
Once the information is collected, it is packed into a TAR archive, compressed with GZIP, encrypted with AES-256-GCM under a key that is itself protected by an RSA-2048 public key embedded in TaskWeaver, and exfiltrated to attacker-controlled infrastructure (“96.126.130[.]126:58942”). Because only the holder of the matching private key can unwrap the AES key, the archive cannot be recovered from artifacts left on the endpoint; responders should assume everything in the list above left the machine in usable form.
The campaign illustrates how threat actors are increasingly going after artificial intelligence (AI)-powered developer tooling as it is embedded across enterprise workflows: the assistants’ stored sessions, configuration, and project data carry the user’s own access, so stealing them gives the attacker the same reach into sensitive data.
Risk & Exposure
Affected deployments are those where SimpleHelp authenticates technicians through generic OIDC or Azure AD OIDC; Horizon3.ai, which discovered the flaw, traced it to the way SimpleHelp validates the IdP assertions. In those configurations SimpleHelp failed to check the cryptographic signature of the identity token returned during OpenID Connect login, so an unauthenticated attacker who can reach the server can submit a token of their own making and sign in as a technician, without an account at the IdP, a password, or an MFA factor. Any internet-facing server with OIDC enabled that is still running a version earlier than 5.5.16 or 6.0 RC2 should be treated as exposed, and any such server that was exposed while the flaw was public should be treated as potentially compromised.
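The defect class described in this section and in “The Vulnerability” above, as an added example that is neither SimpleHelp’s code nor Horizon3.ai’s proof of concept: a relying party that reads identity claims out of an ID token without verifying the signature accepts a token the attacker assembled, while one that pins the algorithm, verifies the RS256 signature against the IdP’s key, and only then checks iss, aud, exp and nonce rejects it. The issuer, audience, nonce and the in-process RSA key standing in for the IdP’s published key are assumptions; a real relying party fetches that key from the IdP’s JWKS endpoint. Written in Go with the standard library only.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// IDClaims is the subset of OIDC ID-token claims a relying party must check before mapping the token to a local account.
type IDClaims struct {
	Iss   string `json:"iss"`
	Sub   string `json:"sub"`
	Aud   string `json:"aud"`
	Exp   int64  `json:"exp"`
	Nonce string `json:"nonce"`
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }
func sum256(s string) []byte { d := sha256.Sum256([]byte(s)); return d[:] }

// signingInput is the JWT header and payload; the signature is appended after it.
func signingInput(c IDClaims) string {
	payload, _ := json.Marshal(c) // cannot fail for a struct of strings and ints
	return b64url([]byte(`{"alg":"RS256","typ":"JWT"}`)) + "." + b64url(payload)
}

// Forge is what the attacker submits: arbitrary identity claims under a signature no IdP produced.
func Forge(c IDClaims) string { return signingInput(c) + "." + b64url([]byte("not-a-signature")) }

// MintRS256 is what the IdP produces: the same layout, signed with the IdP's private key.
func MintRS256(c IDClaims, key *rsa.PrivateKey) (string, error) {
	input := signingInput(c)
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum256(input))
	if err != nil {
		return "", err
	}
	return input + "." + b64url(sig), nil
}

// VulnerableLogin models the defect class: the identity is taken straight from the payload; the signature is never examined.
func VulnerableLogin(token string) (c IDClaims, err error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return c, errors.New("malformed token")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err == nil {
		err = json.Unmarshal(raw, &c)
	}
	return c, err
}

// HardenedLogin pins the algorithm, verifies the signature against the IdP key, and only then checks iss, aud, exp and nonce.
func HardenedLogin(token string, idpKey *rsa.PublicKey, wantIss, wantAud, wantNonce string, now time.Time) (IDClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return IDClaims{}, errors.New("malformed token")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if raw, err := base64.RawURLEncoding.DecodeString(parts[0]); err != nil || json.Unmarshal(raw, &hdr) != nil {
		return IDClaims{}, errors.New("bad header")
	}
	if hdr.Alg != "RS256" { // the token must never choose its own algorithm ("none", HS256 with the public key, ...)
		return IDClaims{}, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	sig, _ := base64.RawURLEncoding.DecodeString(parts[2]) // an undecodable signature simply fails verification
	if rsa.VerifyPKCS1v15(idpKey, crypto.SHA256, sum256(parts[0]+"."+parts[1]), sig) != nil {
		return IDClaims{}, errors.New("signature does not verify against the IdP key")
	}
	c, err := VulnerableLogin(token) // safe here: the payload is now authenticated
	if err != nil {
		return IDClaims{}, err
	}
	// Issuer must be the configured IdP, audience this server (production code must also accept an "aud" array),
	// the token unexpired, and the nonce the one this login sent, or a token minted for another app or session passes.
	if c.Iss != wantIss || c.Aud != wantAud || now.Unix() >= c.Exp || c.Nonce != wantNonce {
		return IDClaims{}, fmt.Errorf("claims not valid for this login: iss=%q aud=%q exp=%d", c.Iss, c.Aud, c.Exp)
	}
	return c, nil
}

// Demo runs a forged token for "attacker" and a genuine IdP-signed token for "alice" through both validators.
func Demo() (forgedByVulnerable, forgedByHardened, genuineByHardened bool, err error) {
	const iss, aud, nonce = "https://idp.example.test", "simplehelp-demo", "n-0S6_WzA2Mj" // assumed values
	idpKey, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the IdP's published signing key
	if err != nil {
		return
	}
	now := time.Now()
	forged := Forge(IDClaims{Iss: iss, Sub: "attacker", Aud: aud, Exp: now.Add(time.Hour).Unix(), Nonce: nonce})
	genuine, err := MintRS256(IDClaims{Iss: iss, Sub: "alice", Aud: aud, Exp: now.Add(time.Hour).Unix(), Nonce: nonce}, idpKey)
	if err != nil {
		return
	}
	c, vErr := VulnerableLogin(forged)
	_, fErr := HardenedLogin(forged, &idpKey.PublicKey, iss, aud, nonce, now)
	_, gErr := HardenedLogin(genuine, &idpKey.PublicKey, iss, aud, nonce, now)
	return vErr == nil && c.Sub == "attacker", fErr == nil, gErr == nil, nil
}

func main() { fmt.Println(Demo()) } // true false true <nil>
```

Running it prints `true false true <nil>`: the forged token, whose payload simply says the attacker is an existing subject, is accepted by the vulnerable path and rejected by the hardened one, and the genuine token is accepted. Note that nothing downstream of the login can compensate for the missing check; as the Horizon3.ai write-up points out, a freshly created technician enrols its own MFA method on first login, so the signature verification is the only control standing between a forged token and a session.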
Timeline
| Date | Event |
| --- | --- |
| Late May 2026 | SimpleHelp releases fixed versions 5.5.16 and 6.0 RC2. |
| 2026 | Horizon3.ai, which discovered the flaw, publishes details of CVE-2026-48558: servers configured to use generic OIDC or Azure AD OIDC are affected because of how SimpleHelp validates IdP assertions. |
| 2026 | CISA adds CVE-2026-48558 to the Known Exploited Vulnerabilities (KEV) catalog; FCEB agencies must apply the fixes by July 2, 2026. |
| 2026 | Blackpoint Cyber reports in-the-wild exploitation of CVE-2026-48558 to deploy TaskWeaver and Djinn Stealer. |
Patching & Remediation
- SimpleHelp patched the flaw in late May, in versions 5.5.16 and 6.0 RC2. Every server should be moved to one of these versions, with internet-facing servers and any server that uses OIDC authentication first in line.
- “In many SimpleHelp deployments that have OIDC-type authentication enabled, an unauthenticated attacker can create and authenticate as a new ‘Technician’ user,” Horizon3.ai security researcher Zach Hanley said. Because exploitation creates a Technician account and can enrol its own MFA method on first login, review the technician list for accounts and MFA enrolments that no administrator can vouch for, and remove them.
- CISA has added the vulnerability to the Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 2, 2026.
- Blackpoint urged MSPs to patch, pull SimpleHelp off the internet, and rotate any exposed secrets, treating credentials as compromised even after an endpoint is cleaned.
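A way to scope the credential rotation the last point calls for, as an added example that is not Blackpoint’s tooling: the script walks a home directory for the default credential stores of the tool families in the Djinn Stealer target list above and reports which ones are present, so the responder knows which secrets to treat as compromised. The file locations are each tool’s documented Linux/macOS defaults as assumed here, not the stealer’s exact target set; Windows locations differ and are not covered. Go, standard library only.

```go
package main

import (
	"fmt"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// Finding is one credential store that exists on the host.
type Finding struct {
	Tool string
	Path string
	Size int64
}

// credentialStores maps tool families from the Djinn Stealer target list to the default
// locations (relative to the home directory) where each tool keeps tokens or keys on
// Linux/macOS. These are the tools' own defaults as assumed by this script, not the
// stealer's exact target set; a directory entry is summed over its regular files.
var credentialStores = map[string][]string{
	"AWS":             {".aws/credentials", ".aws/config"},
	"Azure CLI":       {".azure/msal_token_cache.json", ".azure/accessTokens.json"},
	"Google Cloud":    {".config/gcloud/credentials.db", ".config/gcloud/application_default_credentials.json"},
	"Oracle Cloud":    {".oci/config"},
	"Cloudflare":      {".wrangler/config/default.toml"},
	"DigitalOcean":    {".config/doctl/config.yaml"},
	"netrc (Heroku)":  {".netrc"},
	"Pulumi":          {".pulumi/credentials.json"},
	"Terraform":       {".terraform.d/credentials.tfrc.json", ".terraformrc"},
	"HashiCorp Vault": {".vault-token"},
	"GitHub CLI":      {".config/gh/hosts.yml"},
	"Git":             {".git-credentials"},
	"SSH":             {".ssh"},
	"Docker":          {".docker/config.json"},
	"Helm":            {".config/helm/registry/config.json"},
	"MinIO client":    {".mc/config.json"},
	"Subversion":      {".subversion/auth"},
	"npm":             {".npmrc"},
	"PyPI":            {".pypirc"},
	"Conda":           {".condarc"},
	"Cargo":           {".cargo/credentials.toml"},
	"Composer":        {".composer/auth.json", ".config/composer/auth.json"},
	"Maven":           {".m2/settings.xml"},
	"Gradle":          {".gradle/gradle.properties"},
	"Kubernetes":      {".kube/config"},
	"Claude Code":     {".claude/.credentials.json"},
	"Gemini CLI":      {".gemini/oauth_creds.json"},
	"OpenAI Codex":    {".codex/auth.json"},
}

// dirSize sums the regular files under root; unreadable entries are skipped.
func dirSize(root string) int64 {
	var n int64
	filepath.WalkDir(root, func(_ string, d fs.DirEntry, err error) error {
		if err == nil && d.Type().IsRegular() {
			if info, e := d.Info(); e == nil {
				n += info.Size()
			}
		}
		return nil
	})
	return n
}

// Triage reports which listed stores exist under home, sorted by path, so the IR team
// knows which secrets to rotate. A store that is absent here may still exist elsewhere
// (environment variables, OS keychains, IDE settings), so absence is not a clean bill.
func Triage(home string) []Finding {
	var out []Finding
	for tool, rels := range credentialStores {
		for _, rel := range rels {
			p := filepath.Join(home, rel)
			info, err := os.Stat(p)
			if err != nil {
				continue // not present: nothing to rotate for this store
			}
			size := info.Size()
			if info.IsDir() {
				size = dirSize(p)
			}
			out = append(out, Finding{Tool: tool, Path: p, Size: size})
		}
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Path < out[j].Path })
	return out
}

func main() {
	home, err := os.UserHomeDir()
	if err != nil {
		panic(err)
	}
	for _, f := range Triage(home) {
		fmt.Printf("%-16s %8d B  %s\n", f.Tool, f.Size, f.Path)
	}
}
```

Run it as the affected user on the contained workstation (or point `Triage` at a mounted image of the profile); every line it prints is a credential family to revoke and reissue, not just a file to delete, since the stealer’s copy has already left the host.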
Analysis
This disclosure adds to a growing pattern of significant vulnerabilities affecting enterprise infrastructure.