The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical SimpleHelp software flaw to its Known Exploited Vulnerabilities (KEV) catalog. Tracked as CVE-2026-48558, the vulnerability carries the maximum CVSS v3.1 score of 10.0, indicating severe impact. It affects SimpleHelp versions 5.5.15 and earlier, as well as pre-release versions of 6.0. The flaw is an authentication bypass that manifests when OpenID Connect (OIDC) authentication is enabled: the software fails to adequately verify the cryptographic signatures of identity tokens. CISA's inclusion of CVE-2026-48558 in its KEV catalog confirms that the vulnerability is being actively exploited in real-world environments [1]. Security professionals and administrators managing SimpleHelp deployments must therefore immediately apply available updates or implement the specified mitigations to prevent compromise and unauthorized system access.