COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-57726

CVE-2024-57726

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2026-04-24
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-57726
⌖ exploited in the wild shame 85/100 ransomwareexploited-in-wildprivilege-escalationsupply-chain

SimpleHelp allows low-privileged technicians to create API keys with server admin privileges, enabling privilege escalation.

This missing authorization flaw lets unprivileged users bypass role restrictions to gain full server admin access, creating a critical supply-chain risk for DIB vendors relying on SimpleHelp's API infrastructure. Organizations must audit all API key generation workflows and enforce strict role-based access controls to prevent unauthorized privilege escalation.

Shame score — A critical privilege escalation vulnerability that allows low-privileged users to bypass authorization checks and gain server admin access represents a severe security failure.

Players implicated

SimpleHelp · vendorSimpleHelp · product

Description

SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.