The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning two severe vulnerabilities in the SimpleHelp remote support software. These vulnerabilities provide cybercriminals with direct access routes into corporate networks, potentially bypassing traditional security measures. Organizations utilizing SimpleHelp must act swiftly to mitigate these risks and protect their systems from potential breaches.
The first vulnerability, identified as CVE-2024-57726, involves a missing authorization issue. This flaw disrupts the role-based access controls within SimpleHelp, allowing low-privileged technicians to generate API keys with excessive permissions. Exploiting this vulnerability can enable attackers to escalate privileges to the level of server administrator, granting them complete control over the remote support environment and all connected client machines.
The second vulnerability, CVE-2024-57728, is a path traversal flaw known as a 'zip slip' attack. This exploit allows an authenticated administrator to upload specially crafted zip files anywhere on the file system. Although admin access is needed to exploit this flaw, attackers can easily combine it with the first vulnerability to gain necessary permissions. Once the malicious payload is uploaded, attackers can execute arbitrary code on the host server, facilitating lateral movement across the network.
On April 24, 2026, CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog, emphasizing their active exploitation. CISA has set a remediation deadline of May 8, 2026, highlighting the urgent need for organizations to address these security issues. While it remains unclear if ransomware groups are utilizing these exploits, the significant threat they pose demands immediate action. Security teams must prioritize patching and securing their remote access infrastructure to prevent unauthorized system takeovers.


