CVE-2024-57726
SimpleHelp Missing Authorization Vulnerability
CVSS
—
Sin CVSS
EPSS
9.3%
p95
KEV
SÍ
24 abr 2026
Exploit Today
78
0-100
Publicado: — · Última mod.: —
Producto
SimpleHelp / SimpleHelp
Vulnerabilidad
SimpleHelp Missing Authorization Vulnerability
Añadido a KEV
24 abr 2026
Remediar antes de
8 may 2026
Uso conocido en ransomware
Sí
Descripción resumida
SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Acción requerida
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Notas
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57726