Skip to content

CVE lookup

CVE-2026-48558

Pruva has a verified reproduction for CVE-2026-48558: SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release.. The canonical evidence record is REPRO-2026-00222.

REPRO

REPRO-2026-00222

Package

SimpleHelp · other (commercial, Java-based server application)

Severity

CRITICAL

Status

published