A maximum-severity authentication bypass in SimpleHelp Remote Monitoring and Management (RMM) software is being actively exploited in the wild. Tracked as CVE-2026-48558 with a CVSS score of 10.0, the flaw allows an unauthenticated attacker to forge an OpenID Connect (OIDC) identity token and obtain a fully authenticated Technician session — bypassing login and MFA entirely. Attackers have used that foothold to deploy a two-stage malware chain: TaskWeaver (a Node.js loader disguised as jquery.js) followed by Djinn Stealer, a cross-platform infostealer targeting cloud credentials, SSH keys, AI tooling configs, package registry tokens, cryptocurrency wallets, and browser data across Windows, macOS, and Linux.

CISA added CVE-2026-48558 to the Known Exploited Vulnerabilities (KEV) catalog on June 29, 2026 with a remediation deadline of July 2, 2026 for federal agencies — but given active exploitation, all SimpleHelp operators should treat that deadline as universal. Approximately 1,000 SimpleHelp servers were internet-exposed at the time of disclosure.

What the Vulnerability Is

SimpleHelp is a self-hosted RMM platform used by MSPs, internal IT teams, and help-desk operations to remotely manage endpoints. When configured to use OpenID Connect (either generic OIDC or Azure AD OIDC) for technician authentication, it validates the IdP's identity assertions to establish session credentials.

The flaw: SimpleHelp does not verify the cryptographic signature of OIDC tokens before accepting the identity claims they contain. An unauthenticated attacker can craft an arbitrary JWT asserting any identity — including one belonging to an existing Technician account — and submit it to the SimpleHelp login flow. The server accepts the forged token at face value and grants a fully authenticated Technician session.
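As an added illustration (not SimpleHelp's code), the contrast between a verifier that reads identity claims straight out of the token and one that checks the signature and the standard ID-token claims before trusting anything. It uses HS256 with a shared client secret so it runs on the Python standard library alone; the issuer, audience, secret and subject values are constructed, and a real RS256 deployment would fetch the IdP's public key from its JWKS endpoint instead of holding a secret.

```python
import base64, hashlib, hmac, json

def b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def vulnerable_identity(token):
    """The bug pattern: use the claims without ever checking who signed them."""
    _header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(payload))

def verified_identity(token, secret, issuer, audience, now):
    """Hardened check: pinned alg, signature, iss, aud and exp, all before 'sub' is trusted."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        sig = b64url_decode(sig_b64)
    except ValueError:
        raise ValueError("malformed token")
    if header.get("alg") != "HS256":  # the token never gets to choose its own algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    return claims

def login_subject(token, secret, issuer, audience, now):
    """What a login flow should do: yield a subject only when the token verifies, else None."""
    try:
        return verified_identity(token, secret, issuer, audience, now)["sub"]
    except ValueError:
        return None

def mint(claims, secret=None):
    """Build a token; secret=None yields an unsigned 'alg: none' token no IdP would issue."""
    header = {"alg": "HS256" if secret else "none", "typ": "JWT"}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest() if secret else b""
    return signing_input + "." + b64url(sig)

# Constructed demo values; a real RS256 IdP key would come from its JWKS endpoint instead.
ISSUER, AUDIENCE, SECRET = "https://idp.example", "simplehelp-technician-app", b"constructed-secret"
CLAIMS = {"iss": ISSUER, "aud": AUDIENCE, "sub": "technician@example", "exp": 1_800_000_000}
```

The unsigned token is accepted by `vulnerable_identity` and rejected by `login_subject`, which only yields a subject for a token the configured issuer actually signed for this audience.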

Discovered by Zach Hanley of Horizon3.ai, the bug was described as allowing an attacker to "create and authenticate as a new Technician user" with default access to:

  • Remote desktop / remote shell into all managed endpoints
  • Script execution on managed systems
  • File transfer to and from managed endpoints

MFA is also bypassed. SimpleHelp allows Technicians to self-register their MFA method on first login. Because the OIDC bypass constitutes a "first login" for a forged identity, the attacker registers their own MFA credential — locking the legitimate user out if desired and locking in persistence for themselves.

Affected configurations: Servers with OIDC-type authentication enabled (generic OIDC provider or Azure AD). SimpleHelp servers using only username/password authentication are not vulnerable to this specific bypass.

The Attack Chain: TaskWeaver → Djinn Stealer

Incident response by Blackpoint Cyber (Adversary Pursuit Group) documented the post-exploitation chain in detail.

Stage 1: TaskWeaver Loader

After obtaining an authenticated Technician session, the attacker uses SimpleHelp's file transfer capability to deliver TaskWeaver — a heavily obfuscated Node.js application bundled with a legitimate node.exe runtime. The loader is disguised as jquery.js, mimicking a common JavaScript library filename to avoid trivial detection.

TaskWeaver's primary role is establishing a persistent, encrypted command-and-control channel. It:

  • Fingerprints the compromised system (OS, hostname, user, running processes)
  • Opens an encrypted C2 channel to a.dev-tunnels[.]com (a Microsoft Azure Dev Tunnels subdomain, abused to blend into normal cloud traffic)
  • Downloads and executes additional JavaScript payloads at runtime

Encryption in transit uses AES-256-GCM with an RSA-2048 key pair embedded in the loader binary.

Stage 2: Djinn Stealer

TaskWeaver's observed second-stage payload is Djinn Stealer — a cross-platform credential harvester targeting Windows, macOS, and Linux. It is notably comprehensive in what it targets:

Cloud and infrastructure platforms: AWS, Azure, Google Cloud, Oracle Cloud Infrastructure, Okta, Cloudflare, DigitalOcean, Linode, Heroku, Vercel, Railway, Supabase, Pulumi, Terraform, HashiCorp Vault, Consul.

Developer tooling: GitHub CLI, Git configuration, Docker authentication, Helm registry, S3/MinIO clients, Subversion, SSH private keys.

Package registries: npm, pnpm, Yarn, NuGet, Cargo, Composer, Maven, Gradle, pip, PyPI, Conda, Bun, Ivy, Scala Build Tool.

AI development tooling: Anthropic Claude, Google Gemini, OpenAI Codex, Cline, OpenCode, Kilo — including MCP configuration files at ~/.claude/mcp.json and equivalent paths.

Browsers: Credentials, history, and bookmarks from all major browsers.

Cryptocurrency wallets: Bitcoin, Litecoin, Dogecoin, Dash, Ethereum, Monero, Zcash, Exodus, Atomic Wallet, Electrum.

Linux-specific: /proc/<pid>/cmdline and /proc/<pid>/environ for credentials passed as environment variables or CLI arguments to running processes (common in containerized workloads and CI/CD runners).

Once collected, all data is packed into a TAR archive, compressed with GZIP, encrypted with AES-256-GCM using an RSA-2048 public key embedded in TaskWeaver, and exfiltrated to 96.126.130[.]126:58942.

Blackpoint's researchers summarized the risk: "A single authentication bypass became a pathway into everything the managed systems could reach, from cloud platforms and code repositories to AI tools, cryptocurrency wallets, and customer infrastructure."

Why It Matters for Web Hosting Operators

SimpleHelp is commonly deployed by web hosting companies, managed service providers, and IT teams who use it to remotely administer Linux servers, Windows VMs, and network appliances. If your SimpleHelp server is compromised:

  1. Every managed endpoint is reachable — the attacker has a Technician session with the same access as your support team.
  2. Cloud credentials are the real prize — AWS IAM keys, GCP service account JSON, SSH keys, and hosting control panel sessions are all Djinn Stealer targets; these pivot directly into production infrastructure.
  3. CI/CD pipeline tokens are targeted — npm, PyPI, Cargo, and Maven credentials can be used to poison package releases (supply chain attack).
  4. AI tool configs expose additional secrets — MCP configuration files often contain API keys and tool configurations referencing other services.

Am I Affected?

You are potentially vulnerable if all of the following apply:

  1. You run a self-hosted SimpleHelp server
  2. That server is configured to use OIDC authentication (generic OIDC provider or Azure AD)
  3. The server is reachable over the network (locally or via the internet)

You are not vulnerable to this specific bypass if your SimpleHelp deployment uses only username/password authentication (no OIDC). However, updating is still strongly recommended given CISA's KEV designation.

To check: open your SimpleHelp admin console and review Configuration → Authentication. If OIDC is enabled, treat this as urgent.

Step-by-Step Remediation

Priority: Update immediately — CISA deadline July 2, 2026.

  1. Update SimpleHelp. Apply the patched release from SimpleHelp's official download page. Consult SimpleHelp's security advisory for the specific patched version.
  2. Audit active Technician sessions. In the SimpleHelp admin console, review all active and recent Technician sessions. Revoke any sessions you do not recognize — particularly accounts registered recently or with unfamiliar MFA devices.
  3. Check for unknown Technician accounts. Review your full Technician list for accounts you did not create. The IoCs documented by Horizon3.ai and Blackpoint Cyber should be cross-referenced with your logs.
  4. Hunt for TaskWeaver and Djinn Stealer artifacts on managed endpoints:
    • Look for node.exe + jquery.js combinations in unusual directories (%TEMP%, %APPDATA%, user profile folders)
    • Look for outbound connections to a.dev-tunnels[.]com
    • Look for outbound connections to 96.126.130[.]126:58942
  5. Rotate every credential accessible from managed endpoints. Because Djinn Stealer targets credentials stored in config files and environment variables, assume any secret on a managed endpoint may be compromised if the server was exposed. This includes cloud IAM credentials, SSH keys, database passwords, API tokens, package registry tokens, and cryptocurrency wallet passphrases.
  6. Rotate secrets on developer workstations. If your managed endpoints include developer machines, Djinn Stealer may have harvested IDE configs, browser-stored passwords, GitHub tokens, and .env files.
  7. Review your OIDC provider's audit logs for unexpected login events or new device registrations attributed to your SimpleHelp server.
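Two hunting helpers for step 4, added here as example code (not from Horizon3.ai, Blackpoint Cyber or SimpleHelp): one flags any directory that holds node.exe beside jquery.js, the other runs a firewall or proxy export against the two network indicators quoted on this page. The log line format and all sample paths are constructed for the example; adapt the regex to your own export format.

```python
import os
import re
from collections import defaultdict

LOADER_RUNTIME, LOADER_SCRIPT = "node.exe", "jquery.js"
# Network indicators from this advisory, re-fanged for matching. The dev-tunnels.com
# domain also carries legitimate Azure Dev Tunnels traffic, so a hit needs triage.
C2_DOMAIN, C2_IP = "a.dev-tunnels.com", "96.126.130.126"

def loader_pairs(paths):
    """Directories holding both node.exe and jquery.js, from any iterable of file paths
    (os.walk output, an EDR file inventory). Case-insensitive; returned with forward slashes."""
    by_dir = defaultdict(set)
    for p in paths:
        d, _, name = p.replace("\\", "/").rpartition("/")
        by_dir[d].add(name.lower())
    return sorted(d for d, names in by_dir.items() if {LOADER_RUNTIME, LOADER_SCRIPT} <= names)

def scan_tree(root):
    """Apply loader_pairs to a live filesystem root."""
    return loader_pairs(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)

DST_RE = re.compile(r"\bdst=(?P<host>[^\s:]+)(?::(?P<port>\d+))?")
def c2_hits(log_lines):
    """(line number, host, port) for every line whose dst= field matches an indicator.
    Line shape assumed here (constructed): '... src=<ip> dst=<host-or-ip>:<port> ...'."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = DST_RE.search(line)
        if not m:
            continue
        host, port = m.group("host").lower(), m.group("port")
        if host == C2_IP or host == C2_DOMAIN or host.endswith("." + C2_DOMAIN):
            hits.append((n, host, port))
    return hits

# Constructed samples: one loader pairing in a temp folder, two benign singletons, four log lines.
SAMPLE_PATHS = [
    r"C:\Users\svc\AppData\Local\Temp\upd\node.exe",
    r"C:\Users\svc\AppData\Local\Temp\upd\JQuery.js",
    r"C:\Program Files\nodejs\node.exe",
    r"C:\inetpub\wwwroot\js\jquery.js",
]
SAMPLE_LOG = [
    "2026-06-30T09:58:01Z allow src=10.0.0.5 dst=update.example.net:443 proto=tcp",
    "2026-06-30T10:01:02Z allow src=10.0.0.5 dst=96.126.130.126:58942 proto=tcp",
    "2026-06-30T10:01:07Z allow src=10.0.0.5 dst=a.dev-tunnels.com:443 proto=tcp",
    "2026-06-30T10:02:00Z allow src=10.0.0.9 dst=96.126.130.126:443 proto=tcp",
]
```

A lone node.exe under Program Files or a lone jquery.js in a web root is not flagged; only the pairing is, and the IP is reported on any port since the checklist blocks the address as a whole.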

Quick-Win Checklist

  • SimpleHelp server updated to patched release
  • Reviewed all active Technician sessions; revoked unknowns
  • Checked Technician account list for rogue accounts
  • Hunted for node.exe/jquery.js on managed endpoints
  • Blocked or monitored a.dev-tunnels[.]com at perimeter
  • Blocked 96.126.130[.]126 at perimeter
  • Rotated cloud IAM credentials (AWS, GCP, Azure) on managed endpoints
  • Rotated SSH private keys
  • Rotated package registry tokens (npm, PyPI, etc.)
  • Rotated GitHub/GitLab personal access tokens
  • Reviewed MFA device registrations in your OIDC IdP
  • Checked OIDC provider audit logs for suspicious logins
