CVE-2024-57726
SimpleHelp Missing Authorization Vulnerability
CVSS
—
No CVSS
EPSS
9.3%
p95
KEV
YES
Apr 24, 2026
Exploit Today
78
0-100
Published: — · Last modified: —
Product
SimpleHelp / SimpleHelp
Vulnerability
SimpleHelp Missing Authorization Vulnerability
Added to KEV
Apr 24, 2026
Remediate by
May 8, 2026
Known ransomware use
Yes
Summary description
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Required action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notes
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726