CVE-2024-57726

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive...

Basic Information

CVE State: PUBLISHED
Reserved Date: January 09, 2025
Published Date: January 15, 2025
Last Updated: April 25, 2026
Vendor: n/a
Product: n/a
Description: SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
Tags

CVSS Scores

CVSS v3.1

9.9 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

SSVC Information

Exploitation: active
Technical Impact: total

Exploit Status

Exploited in the Wild: Yes (2026-06-01 13:23:43 UTC) Source

References

https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/ https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier

Known Exploited Vulnerability Information

Source	Added Date
CVE	2026-06-01 13:23:43 UTC

Timeline

CVE ID Reserved

January 09, 2025
CVE Published to Public

January 15, 2025
Added to KEVIntel

June 01, 2026