CVE-2024-57726NVD

Vulnerability Summary

SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Severity Level

CRITICAL(9.9)

Published Date

Jan 15, 2025

Last Modified

Apr 24, 2026

Exploitation Status

????

EPSS Score (30-Day)

39.41%Probability

Root Weakness (CWE)

NVD-CWE-noinfo: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeChanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57726
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2024-57726NVD

Vulnerability Summary

External References