Skip to content
Auto-CTI
Back to today
CRITICAL C3

SimpleHelp: Remote Maintenance Software Vulnerability Exploited in the Wild

C heise security Alerts ·

Admiralty grading (A–F · 1–6)

Source reliability

  • A Completely reliable
  • B Usually reliable
  • C Fairly reliable
  • D Not usually reliable
  • E Unreliable
  • F Cannot be judged

Information credibility

  • 1 Confirmed
  • 2 Probably true
  • 3 Possibly true
  • 4 Doubtful
  • 5 Improbable
  • 6 Cannot be judged

NATO Admiralty (AJP-2.1) grades confidence, independent of the risk score. Cross-source corroboration isn't tracked for non-CVE news, so single-source items are capped at a lower credibility number; a low number does not imply low quality.

Key insight

CISA has added the SimpleHelp vulnerability to its Known Exploited Vulnerabilities catalog; security researchers have identified malware such as TaskWeaver and Djinn Stealer deployed post-compromise via CVE-2026-48558.

Description

A critical vulnerability (CVE-2026-48558) in remote maintenance software SimpleHelp with maximum severity rating is actively exploited in the wild. The US cybersecurity agency CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, alerting to active attacks. Security researchers at Blackpoint have identified malware TaskWeaver and Djinn Stealer deployed post-compromise on affected systems. The exact scope of attacks and number of compromised systems remain undocumented; however, the vulnerability appears to enable remote access and system compromise.

Risk score

37
cvss base
45.00
kev bonus
0.00
epss bonus
0.00
poc bonus
15.00
raw before weight
60.00
industry weight
1.10
freshness factor
0.50
exploitability factor
1.00
days old
12.00
vendor mismatch penalty
0.00
consensus penalty
-3.00

Path: operational

Consensus check

The pipeline self-checks before delivery. These rules lowered the score:

  • TTP_SKIPPED TTP mapping skipped (placeholder or aggregation article) −3
Consensus penalty:
−3.0
Total penalty:
−3.0
ESC