CISA 2026-06-29

CISA Adds One Known Exploited Vulnerability to Catalog

CVE-2026-48558

Machine-generated analysis · WAYSCloud LLM

CVE-2026-48558 is an authentication bypass vulnerability in SimpleHelp that has been added to CISA's KEV Catalog due to evidence of active exploitation.

Context

SimpleHelp is a remote support and helpdesk software solution. The advisory states that CVE-2026-48558 allows authentication bypass, enabling attackers to gain access without valid credentials. This vulnerability is now included in CISA’s Known Exploited Vulnerabilities Catalog based on confirmed exploitation. Worth noting is that BOD 26-04 mandates federal agencies to prioritize remediation of such vulnerabilities on publicly exposed assets.

Operator considerations

Check: Determine if SimpleHelp instances are deployed and exposed to the internet.

From Cybersecurity and Infrastructure Security Agency ↗

CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.

CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability

This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise.

Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-...

Read the full advisory on CISA →