ThreatCluster

Critical Vulnerabilities in SimpleHelp Software Exploited

First seen 27 Apr 2026, 10:33 UTC nvd.nist.gov 79% similarity 73

Article Content

Browse articles
ThreatCluster

Two critical vulnerabilities have been identified in SimpleHelp remote support software versions 5.5.7 and earlier. CVE-2024-57728 allows admin users to upload arbitrary files, potentially executing arbitrary code on the host system. CVE-2024-57726 enables low-privilege technicians to create API keys with excessive permissions, facilitating privilege escalation to server admin roles. Both vulnerabilities were published on January 15, 2025, and were added to the CISA Known Exploited Vulnerabilities Catalog on April 24, 2026, indicating active exploitation. Organizations using affected versions are at risk of unauthorized access and control. Immediate action is recommended to mitigate these vulnerabilities. Reference CISA's BOD 22-01 for further guidance.

Key Points: • CVE-2024-57728 allows arbitrary file uploads, risking code execution. • CVE-2024-57726 permits privilege escalation via excessive API key permissions. • Both vulnerabilities are actively exploited as of April 24, 2026.

ThreatCluster AI

Timeline

2025-01-15
CVE-2024-57728 and CVE-2024-57726 published
2026-04-24
Both CVEs added to CISA KEV for active exploitation
2026-04-27
Articles published detailing vulnerabilities and risks

Community

Browse all →