CVE-2024-57726 - SimpleHelp Missing Authorization Vulnerability
Project:SimpleHelp
Product:SimpleHelp
Date Added:2026-04-24Due Date:2026-05-08
Vulnerability Name
SimpleHelp Missing Authorization Vulnerability
Description
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Known To Be Used in Ransomware Campaigns?
Known
Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Additional Notes
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://nvd.nist.gov/vuln/detail/CVE-2024-57726
Related News Articles
CISA Adds 4 Exploited Flaws to KEV, Sets May 2026 Federal DeadlineApril 25, 2026