Verified SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release.
REPRO-2026-00222 SimpleHelp · other (commercial, Java-based server application) Auth Bypass Jul 4, 2026 .txt
Severity CRITICAL
Confidence HIGH
Reproduced in 94m 25s
Tool calls 550
Spend $37.97
Affected SimpleHelp 5.5.15 and earlier; 6.0 prerelease versions before 6.0 RC2
Fixed in 5.5.16; 6.0 RC2 / 6.0 prerelease (20260327-150806)
$ pruva-verify REPRO-2026-00222
or curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00222/artifacts/bundle/repro/reproduction_steps.sh && chmod +x reproduction_steps.sh && ./reproduction_steps.sh
Run in a VM or disposable container. This exploits a real vulnerability.
02 · The vulnerability

SimpleHelp’s OpenID Connect (OIDC) authentication flow fails to verify the cryptographic signature on the ID tokens it receives during login. Because the signature is never checked, an attacker needs no key material from the identity provider: an unauthenticated remote attacker can construct an ID token with arbitrary claims (subject, issuer, audience, expiry) and submit it to obtain a fully authenticated technician session. In some configurations this also bypasses multi‑factor authentication, since the server treats a successful OIDC login as already strongly authenticated. The issue affects SimpleHelp 5.5.15 and earlier and 6.0 prerelease builds before the fixed release.

03 · Root cause
Variant analysis
04 · Reproduction transcript

The agent's step-by-step process — every tool call, every handoff, the moment the exploit fired. Phases: support triages the advisory · repro reproduces it · vuln_variant confirms the fix blocks it · judge verifies.


05 · Artifacts

Scripts, logs, diffs, and output captured during the reproduction.