CISA Known Exploited Vulnerability

CVE-2024-57726

SimpleHelp · SimpleHelp

SimpleHelp Missing Authorization Vulnerability

Date added 2026-04-24

BOD 22-01 due date 2026-05-08

CWE CWE-862

Ransomware Unknown

CISA description

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes & references

https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier
https://nvd.nist.gov/vuln/detail/CVE-2024-57726

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2024-57726
CVE.org · CVE-2024-57726
CISA KEV catalog (canonical)