CVE lookup
CVE-2026-48558
Pruva has a verified reproduction for CVE-2026-48558: SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release.. The canonical evidence record is REPRO-2026-00222.
REPRO
REPRO-2026-00222
Package
SimpleHelp · other (commercial, Java-based server application)
Severity
CRITICAL
Status
published