Vulnerability Description
SimpleHelp remote support software v5.5.7 and earlier has a vulnerability that allows low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Simple-Help | Simplehelp | < 5.5.8 |
Related Weaknesses (CWE)
References
- https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabi... (Release Notes)
- https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-... (Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-... (US Government Resource)
- https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze... (Technical Description)
- https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomwar... (Third Party Advisory)
FAQ
What is CVE-2024-57726?
CVE-2024-57726 is a vulnerability with a CVSS score of 9.9 (CRITICAL). SimpleHelp remote support software v5.5.7 and earlier has a vulnerability that allows low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate pr...
How severe is CVE-2024-57726?
CVE-2024-57726 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2024-57726?
Check the references section above for vendor advisories and patch information. Affected products include: Simple-Help Simplehelp.