CISA Warns of Multiple SimpleHelp Vulnerabilities Exploited in Attack
Cybersecurity News
By Abinaya
April 25, 2026
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding two actively exploited vulnerabilities in SimpleHelp remote support software.
Remote access tools are highly valued targets for cybercriminals because they provide direct pathways into corporate networks.
When compromised, these platforms allow threat actors to bypass traditional security perimeters and launch devastating secondary attacks.
Organizations using SimpleHelp must take immediate action to secure their infrastructure against potential compromise.
Missing Authorization Flaw
The first critical vulnerability, CVE-2024-57726, is classified as a missing authorization issue under CWE-862.
This security gap fundamentally breaks the role-based access controls within the SimpleHelp platform.
The flaw allows low-privileged technicians to bypass intended restrictions and generate API keys with excessive permissions.
By exploiting this weakness, a compromised low-level account can quickly escalate privileges to the server administrator role.
Gaining this level of access gives attackers complete administrative control over the remote support environment and all connected client machines.
Path Traversal Vulnerability
The second vulnerability, CVE-2024-57728, is a dangerous path traversal flaw linked to CWE-22.
Often referred to as a “zip slip” flaw, it allows an authenticated administrator to write files anywhere on the underlying file system by uploading a specially crafted zip file.
Although an attacker needs admin access to trigger this bug, they can easily chain it with the first authorization vulnerability to gain the required permissions.
Once the malicious payload is uploaded, threat actors can execute arbitrary code on the host server.
This code runs within the security context of the SimpleHelp user, giving hackers a firm foothold for lateral movement across the network.
On April 24, 2026, CISA officially added these security flaws to its Known Exploited Vulnerabilities (KEV) catalog.
Due to the active exploitation of these flaws, CISA has established a strict remediation deadline of May 8, 2026.
While it is currently unknown whether ransomware gangs are using these specific exploits, the threat’s severity requires immediate attention.
Security teams must prioritize patching and securing their remote access infrastructure to prevent unauthorized system takeovers.
System administrators should implement the following security measures immediately:
Apply all available mitigations and software updates provided in the official SimpleHelp vendor instructions.
Follow applicable BOD 22-01 guidance for securing connected cloud services and external infrastructure.
Monitor network logs for unusual API key generation or suspicious file uploads originating from the SimpleHelp server.
Discontinue the use of the product entirely and disconnect it from the network if mitigations are unavailable.