A CVSS 10 in your IT remote-support tool is stealing AI keys
CVE-2026-48558 is a maximum-severity auth bypass in SimpleHelp RMM, actively exploited to deploy Djinn Stealer and steal cloud and AI API keys. Patch it and rotate now.
The tool your IT provider uses to log into your machines is now the tool attackers are using to steal your AI keys. CVE-2026-48558, a CVSS 10.0 authentication bypass in SimpleHelp remote-support software, is being actively exploited in the wild — and the payload isn't ransomware. It's a credential stealer built to grab cloud and AI API keys. CISA added it to the Known Exploited Vulnerabilities catalog with a two-day federal patch deadline. That's how serious this one is.
What actually happened
Per Security Affairs, the flaw lives in SimpleHelp's OIDC login flow: when single sign-on is configured, the server accepts identity tokens without verifying their cryptographic signature. A remote, unauthenticated attacker can forge a token with any identity claims they want and drop straight into a fully authenticated technician session. No password, no exploit chain — just a fake token the server trusts.
SimpleHelp 5.5.15 and earlier are vulnerable; it's fixed in 5.5.16 and 6.0 RC2, released in late May. CISA added it to KEV on June 29 with a July 2 remediation deadline. Per Arctic Wolf, attackers are using the forged login to deploy a loader called TaskWeaver and a new stealer, Djinn Stealer, that harvests credentials — including cloud and AI service keys. Researchers counted roughly 14,000 internet-facing SimpleHelp servers, with about 7% running the vulnerable SSO config.
Why it matters for your business
Remote monitoring and management (RMM) tools are the softest target in small-business IT, because they're built to have total access to your machines and almost nobody audits them. If your managed IT provider or internal team runs SimpleHelp, an attacker who walks through this bug has the same reach your admin does — and the current campaign is specifically after the keys that unlock your cloud accounts and AI spend. A stolen OpenAI or AWS key isn't just a breach; it's a bill that runs all night.
Do three things this week. One: confirm every SimpleHelp instance is on 5.5.16 or later — ask your provider directly and get the version number. Two: rotate any cloud and AI API keys that could have been exposed, and scope them down so one leaked key can't drain an account. Three: treat every RMM and remote-access tool as attack surface — patched fast, logged, and access-limited. The boring infrastructure you never think about is exactly where this gets you.
Key takeaways
- CVE-2026-48558 is a CVSS 10.0 auth bypass in SimpleHelp RMM — forged OIDC tokens grant unauthenticated technician access
- Actively exploited to deploy Djinn Stealer, which harvests credentials including cloud and AI API keys (Arctic Wolf)
- Fixed in SimpleHelp 5.5.16; CISA added it to KEV on June 29 with a July 2 federal deadline
- Patch your RMM now, rotate exposed keys, and scope API keys so one leak can't drain an account
Not sure what your API keys can reach if one leaks? We build automations with scoped, rotatable credentials and audited access — so a stolen key is a nuisance, not a catastrophe. See what we build or have us review your setup.
Sources: Security Affairs, CISA, Arctic Wolf.
- #ai-security
- #simplehelp
- #vulnerability
- #rmm
- #api-keys
Tommy Rush — Founder, Rush Commerce
Operator turned builder. 15+ years running operations — now shipping the systems businesses run on. More
Get The Rush Report weekly — one email, zero fluff.
Keep reading
Meta's Muse Spark undercuts coding AI — and closed the door
Meta launched Muse Spark 1.1, an agentic coding model at $1.25/$4.25 per M tokens — API-only, no open weights. The Llama portability story is over. Build behind an abstraction.
Read itThe first AI agent platform hit CISA's must-patch list. Audit yours.
A cross-tenant IDOR in Langflow let attackers steal LLM and cloud keys. It's the first AI agent builder on CISA's KEV — proof your agent stack is attack surface.
Read it