CVE-2024-57726
CRITICAL KEV RANSOMWARE
SimpleHelp < 5.5.8 - Missing Authorization for API Key Creation
Title source: llm
Exploitation Summary
CVE-2024-57726 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added April 24, 2026, with confirmed use in ransomware campaigns.
Description
SimpleHelp remote support software v5.5.7 and earlier has a vulnerability that allows low-privilege technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
References (5)
Core References
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-57726
Technical Description
https://www.microsoft.com/en-us/security/blog/2026/04/06/storm-1175-focuses-gaze-on-vulnerable-web-facing-assets-in-high-tempo-medusa-ransomware-operations/
Third Party Advisory
https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-dragonforce
Scores
CVSS v3: 9.9
EPSS: 0.3883
EPSS Percentile: 97.4%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation: active
Automatable: no
Technical Impact: total
Details
CISA KEV: 2026-04-24
VulnCheck KEV: 2025-04-17
ENISA EUVD: EUVD-2024-53724
Ransomware Use: Confirmed
CWE: CWE-862
Status: published
Products (1)
simple-help/simplehelp: < 5.5.8
Published: Jan 15, 2025
KEV Added: Apr 24, 2026
Tracked Since: Feb 18, 2026