CVE-2024-57726

SimpleHelp remote support software v5.5.7 and earlier contains a privilege escalation vulnerability that allows low-privilege technicians to create API keys with excessive permissions; those keys can then be used to escalate to the server admin role. This vulnerability is actively exploited in the wild and listed in CISA KEV.

Risk Level: HIGH_RISK

CVSS Score: 9.9

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 (Exploit Public-Facing Application)

Deployment Risk: VERY_HIGH

Ransomware: Yes (+41d)

Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2025-01-15

Added to CISA KEV: 2026-04-24 (464 days between CVE and KEV)

Recommendations:

πŸ” Web Intelligence (Kagi Β· 2026-06-04)

CVE-2024-57726 is a critical security vulnerability affecting SimpleHelp remote support software, which has been identified as being actively exploited in the wild [1] [2].

Vulnerability Overview and Impact
The vulnerability is classified as a "missing authorization" flaw with a high CVSSv3 score of 9.9 [2] [5]. It allows an authenticated technician with low privileges to create API keys with excessive permissions due to a lack of server-side validation [3] [6].

Successful exploitation allows an attacker to escalate their privileges to the server administrator role, granting them full control over the SimpleHelp instance [4].
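To make the missing server-side check concrete, the following is an added illustration and not SimpleHelp's code: the role names, permission strings and function names are assumptions. It models an API-key endpoint that stores the caller's requested permission list as-is, beside a hardened version that bounds a key by its creator's own role, plus an audit routine a defender can run over already-issued keys to flag any that outrank their owner.

```python
"""Hypothetical model of the authorization gap behind CVE-2024-57726.
Not SimpleHelp code: role names, permission strings and function names
are constructed for illustration only."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set

# Constructed role model: a technician holds a strict subset of admin rights.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "technician": {"session:create", "session:view"},
    "admin": {"session:create", "session:view", "user:manage", "server:configure"},
}

@dataclass(frozen=True)
class Account:
    name: str
    role: str

@dataclass(frozen=True)
class ApiKey:
    owner: str
    permissions: FrozenSet[str]

def create_api_key_vulnerable(caller: Account, requested: Set[str]) -> ApiKey:
    """Flawed pattern: the caller-supplied permission list is stored as-is,
    so a low-privilege technician can mint a key that outranks their role."""
    return ApiKey(owner=caller.name, permissions=frozenset(requested))

def create_api_key_hardened(caller: Account, requested: Set[str]) -> ApiKey:
    """Server-side check: a key may never carry a permission its creator lacks."""
    allowed = ROLE_PERMISSIONS.get(caller.role, set())
    excess = set(requested) - allowed
    if excess:
        raise PermissionError(f"{caller.name} may not grant {sorted(excess)}")
    return ApiKey(owner=caller.name, permissions=frozenset(requested))

def audit_keys(keys: List[ApiKey], accounts: Dict[str, Account]) -> List[ApiKey]:
    """Defender's review: return every existing key whose permissions exceed
    its owner's current role, or whose owner account no longer exists."""
    flagged = []
    for key in keys:
        owner = accounts.get(key.owner)
        allowed = ROLE_PERMISSIONS.get(owner.role, set()) if owner else set()
        if not key.permissions <= allowed:
            flagged.append(key)
    return flagged
```

On a patched deployment the hardened path is the expected behaviour; the audit routine is the useful part after the fact, since keys minted before patching keep whatever permissions they were created with.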

Exploitation and Threat Landscape
  • Active Exploitation: The vulnerability is actively being exploited in the wild, including in ransomware campaigns [1].
  • Targeted Attacks: It has been documented in attacks specifically targeting critical infrastructure organizations [1].
  • Exploitation Requirements: This is a remote, authenticated attack. While it requires the attacker to have an existing low-privileged technician account, it does not require complex user interaction beyond the abuse of the API key creation process [2] [6].

Affected Versions and Mitigation
  • Affected Versions: SimpleHelp remote support software versions 5.5.7 and earlier are affected [3] [7].
  • Status: Patches have been released to address this vulnerability [5]. Organizations using SimpleHelp are strongly advised to update to a patched version immediately to mitigate the risk of privilege escalation and subsequent compromise.

Sources

  1. CVE-2024-57726 - Exploits & Severity

    The vulnerability is actively being exploited in ransomware campaigns and has been documented in attacks against critical infrastructure organizations.

  2. Active Exploitation of Critical Vulnerability Chain in ...

    CVE-2024-57726 is a 'missing authorisation' vulnerability with a CVSSv3 score of 9.9. If exploited, a remote authenticated attacker could create ...

  3. CVE-2024-57726 Detail - NVD

    SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions.

  4. NVD - CVE-2024-57726

    A critical vulnerability in SimpleHelp remote support software v5.5.7 and before allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. See NVD details, CVSS scores, CWE, references and change histo…

  5. CVE-2024-57726 – SimpleHelp Remote Access

    This patch addresses two vulnerabilities in SimpleHelp that significantly impact remote access security. CVE-2024-57726 has a CVSS score of 9.9, ...

  6. CVE-2024-57726 - Privilege Escalation in SimpleHelp v5.5.7 and Earlier ...

    CVE-2024-57726 is a critical vulnerability in SimpleHelp Remote Support Software, up to and including version 5.5.7. It allows authenticated technician users (with low privileges) to create API keys with excessive permissions due to missing validation on the server side.

  7. SimpleHelp remote support software v5.5.7 and before has...

    SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions.