AI description
CVE-2024-57726 is a vulnerability found in SimpleHelp remote support software, affecting versions 5.5.7 and earlier. This flaw permits technicians with low-level privileges to generate API keys that possess excessive permissions. These overly permissive API keys can then be leveraged by the technician to escalate their privileges, ultimately gaining server administrator access within the SimpleHelp environment. This vulnerability is classified under CWE-862, indicating a lack of access control.
- Description
- SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role.
- Source
- cve@mitre.org
- NVD status
- Analyzed
- Products
- simplehelp
CVSS 3.1
- Type
- Primary
- Base score
- 9.9
- Impact score
- 6
- Exploitability score
- 3.1
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
Data from CISA
- Vulnerability name
- SimpleHelp Missing Authorization Vulnerability
- Exploit added on
- Apr 24, 2026
- Exploit action due
- May 8, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- nvd@nist.gov
- NVD-CWE-noinfo
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-862
- Hype score
- Not currently trending
CVE-2024-57726: CISA KEV: SimpleHelp missing authorization lets low-priv techs mint over-privileged API keys and escalate to server admin. What happened CISA added CVE-2024-57726 to its Known Exploited Vulnerabilities catalog on 2026-04-24, triggering mandatory…
@lyrie_ai
4 May 2026
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
06:05 UTC: CVE-2024-57726 disclosed. The Four-CVE KEV Cluster: How DragonForce and Mirai Turned CISA's April 24 Drop Into a Live Ransomware-and-Botnet Race
@lyrie_ai
30 Apr 2026
54 Impressions
0 Retweets
2 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-57726 Lyrie Threat Intelligence is flagging a convergence across four recent, actively exploited advisories that map cleanly to CISA KEV prioritization logic: two SimpleHelp server vulnerabilities, one Samsung MagicINFO 9 Server issue, and a D-Link DIR‑823x…
@lyrie_ai
29 Apr 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
BREAKING: CISA adds SimpleHelp remote support CVE-2024-57728 and CVE-2024-57726 to KEV catalog after active exploitation of code execution and admin privilege escalation flaws in v5.5.7 and earlier. https://t.co/XkkQ4EbqN5
@threatcluster
27 Apr 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-32002 2 - CVE-2025-20333 3 - CVE-2026-20131 4 - CVE-2026-33626 5 - CVE-2024-57726 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
27 Apr 2026
313 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性4件をカタログに追加 CISA Adds Four Known Exploited Vulnerabilities to Catalog #CISA (Apr 24) CVE-2024-7399 Samsung MagicINFO 9 サーバーのパス・トラバーサル脆弱性 CVE-2024-57726 SimpleHelpの認証機能の欠
@foxbook
27 Apr 2026
203 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA alerts on critical SimpleHelp vulnerabilities (CVE-2024-57726 & CVE-2024-57728) actively exploited. Immediate patching required to prevent unauthorized access. Link: https://t.co/ow1gaL5gFL #Security #Vulnerabilities #Exploits #Patching #Unauthorized #Access #CISA #Alert
@dailytechonx
26 Apr 2026
15 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🔴 Samsung MagicINFO CVE-2024-7399 is actively exploited and now in KEV. 🔴 SimpleHelp CVE-2024-57726/57728 are also in KEV, raising MSP foothold risk. https://t.co/pBWq66uIkZ
@solomonneas
26 Apr 2026
47 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added 4 CVEs to KEV: Samsung MagicINFO (CVE-2024-7399), two SimpleHelp RMM bugs (CVE-2024-57726/57728), D-Link DIR-823X (CVE-2025-29635). RMM remains a top ransomware on-ramp - patch yours hard. https://t.co/HLdbWLw0wQ #infosec #CISA #KEV #ransomware
@CyberDaily_News
26 Apr 2026
163 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🛑 IR / SOC Alert: SimpleHelp flaws CVE-2024-57726 and CVE-2024-57728 are now KEV priorities. Patch, isolate, restrict exposure, and review logs for suspicious remote-support activity. https://t.co/KfVix38qB1 #IncidentResponse #VulnerabilityManagement #RemoteSupport https://t.
@SecureComputer0
25 Apr 2026
38 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
TRC analysis shows attackers chaining CVE-2024-57726 and CVE-2024-57728 to escalate from low-privilege SimpleHelp accounts to full system compromise via malicious file uploads. The privilege escalation through API key manipulation enables broader lateral movement across connected
@aviatrixtrc
25 Apr 2026
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Attackers chained SimpleHelp vulnerabilities (CVE-2024-57726, CVE-2024-57728) to escalate from low-privilege technician accounts to full admin control. TRC analysis shows attackers leveraged excessive API key permissions before moving laterally across networks. Runtime
@aviatrixtrc
25 Apr 2026
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA added CVE-2024-57728 to KEV: zip-slip in SimpleHelp lets an admin write files anywhere → RCE. Pairs with CVE-2024-57726 (low-priv tech → admin) for full takeover. Ransomware crews used this MSP chain last year. https://t.co/hF2jhxdii4
@TechTranslators
25 Apr 2026
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAが既知の悪用された脆弱性4件をカタログに追加 https://t.co/sXZPpnkL5q CVE-2024-7399 Samsung MagicINFO 9 サーバーのパス・トラバーサル脆弱性 CVE-2024-57726 SimpleHelpの認証機能の欠落に関する脆弱性 CVE-2024-57728 SimpleHe
@cybersecnews_jp
25 Apr 2026
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
🚨 BREAKING: #BreakingNews CISA adds 4 exploited flaws to KEV catalog: CVE-2024-7399 (Samsung MagicINFO 9 Server), CVE-2024-57726 & CVE-2024-57728 (SimpleHelp), CVE-2025-29635 (D-Link DIR-823X routers). Sets May 2026 federal deadline. #US #Cybersecurity #CISA #KEV https://t
@Archange_Shadow
25 Apr 2026
162 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
【概ね平和】米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに4件の脆弱性を追加。Samsung MagicINFO 9 ServerのCVE-2024-7399、SimpleHelpのCVE-2024-57726とCVE-2024-57728、D-Link DIR-823XのC
@__kokumoto
24 Apr 2026
950 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
🔴 SimpleHelp RMM, Missing Authorization (CWE-862), #CVE-2024-57726 (Critical) https://t.co/3R3NdrZ1Th
@dailycve
24 Apr 2026
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
‼️ Four vulnerabilities have been added to the CISA KEV Catalog CVE-2025-29635 - D-Link DIR-823X Command Injection Vulnerability CVE-2024-7399 - Samsung MagicINFO 9 Server Path Traversal Vulnerability CVE-2024-57728 - SimpleHelp Path Traversal Vulnerability CVE-2024-57726
@DarkWebInformer
24 Apr 2026
3949 Impressions
6 Retweets
20 Likes
7 Bookmarks
1 Reply
0 Quotes
Medusa & DragonForce RaaS groups weaponize SimpleHelp RMM flaws (CVE-2024-57726/7/8) to gain SYSTEM-level access to customer networks. Immediate patch needed. #Ransomware #SimpleHelp #RMM #Cybersecurity #SupplyChainAttack #Medusa #DragonForce https://t.co/VczUxLIelB
@the_yellow_fall
10 Nov 2025
56 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Articles like this just highlight the need for a solution like ZKX Helix. "ransomware groups, have been observed exploiting three vulnerabilities in the remote monitoring and management (RMM) software SimpleHelp... Tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726,
@zkxsolutions
5 Jun 2025
64 Impressions
0 Retweets
3 Likes
0 Bookmarks
0 Replies
0 Quotes
The FBI reports Play ransomware has impacted around 900 victims worldwide as of May 2025, using recompiled malware & extortion tactics via stolen data. Vulnerabilities CVE-2024-57726/27/28 exploited. 🔐🌍 #CyberAttack #Global #USA https://t.co/hEvKHLEGei
@TweetThreatNews
4 Jun 2025
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📌 DragonForce ransomware group exploited SimpleHelp RMM tool to exfiltrate data and deploy ransomware. Three vulnerabilities (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) likely used. #CyberSecurity #Ransomware https://t.co/B8id4j6KrT https://t.co/LovB8l3lUx
@CyberHub_blog
30 May 2025
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Does your MSP use the RMM tool of Simple Help? Have you checked and patched for these CVEs: CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726? How are you managing your 3rd Party Risks? Or have you considered 3rd party risks as part of your overall risk management?
@irsecfink
28 May 2025
40 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Des chercheurs de Sophos ont révélé que des opérateurs du ransomware DragonForce ont exploité une chaîne de trois vulnérabilités (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) dans le logiciel SimpleHelp pour attaquer un fournisseur de services gérés. https://t.co/koZ
@cert_ist
28 May 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
DragonForce Ransomware Hits MSPs via SimpleHelp Vulnerabilities Using CVE-2024-57726/27/28, DragonForce breached an MSP, deploying ransomware across clients. The group targets RMM tools—patch now or risk supply chain compromise. https://t.co/3gaYn0i08j #MSP #CyberSecurity ht
@dCypherIO
28 May 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
A MSP and its clients were targeted via chained vulnerabilities in SimpleHelp RMM (CVE-2024-57726/27/28), enabling full system access, data theft, and ransomware deployment. Patches released in Jan were exploited by attackers. ⚠️ #CyberAttack #UK https://t.co/svCneXeMt8
@TweetThreatNews
27 May 2025
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57726., CVE-2024-57727., CVE-2024-57728. Enterprise egg-shell
@byt3n33dl3
15 Feb 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Vulnerabilidades de SimpleHelp RMM (CVE-2024-57726, CVE-2024-57727 y CVE-2024-57728) señaladas por Arctic permiten implementar puertas traseras y crear cuentas para obtener control administrativo, instalar puertas traseras y eventualmente desplegar ransomware. 🧉 https://t.co/Uq
@MarquisioX
11 Feb 2025
35 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Threat actors exploit newly disclosed vulnerabilities in SimpleHelp's Remote Monitoring and Management (RMM) software to gain unauthorized access and lay the groundwork for ransomware attacks. These vulnerabilities (CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728) https://t.co
@smart_c_intel
10 Feb 2025
28 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. The flaws are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728. https://t.co/gg6fqRHwqF https://t.co/y
@riskigy
9 Feb 2025
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting vulnerabilities in SimpleHelp RMM, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to breach corporate networks. Attackers create unauthorized admin accounts, install backdoors, and may prepare for ransomware attacks. Evidence suggests links…
@y1659rsgh
8 Feb 2025
4 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
SimpleHelp RMM flaws exploited to breach corporate networks: https://t.co/dzrUnoyfkC Hackers are exploiting vulnerabilities in SimpleHelp RMM, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, to breach corporate networks. Attackers create unauthorized admin… https:
@securityRSS
7 Feb 2025
19 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: Attackers are exploiting newly discovered flaws in SimpleHelp RMM software to establish persistent access to networks and deploy ransomware. CVE-2024-57726, CVE-2024-57727, CVE-2024-57728: Flaws enabling privilege escalation, remote code execution. https://t.co/pHaiAm
@SamTechwest
7 Feb 2025
68 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Hackers are exploiting vulnerabilities in SimpleHelp RMM (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728) for ransomware attacks. Organizations must update their software to reduce risk. 🛡️💻 #RMM #Ransomware #USA link: https://t.co/iIX2aGlrYX https://t.co/i81hVkLDco
@TweetThreatNews
7 Feb 2025
17 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 URGENT: Attackers are exploiting newly discovered flaws in SimpleHelp RMM software to establish persistent access to networks and deploy ransomware. CVE-2024-57726, CVE-2024-57727, CVE-2024-57728: Flaws enabling privilege escalation, remote code execution. 👉 Secure your… ht
@TheHackersNews
7 Feb 2025
46405 Impressions
47 Retweets
134 Likes
16 Bookmarks
3 Replies
3 Quotes
Уязвимости в SimpleHelp Remote Monitoring and Management (RMM), такие как CVE-2024-57726, CVE-2024-57727 и CVE-2024-57728, позволяют злоумышленникам загружать и выгружать файлы, а также повышать привилегии до уровня администратора. Подробнее https://t.co/TrPw17sEP7 https://t.co/D
@KZCERT
30 Jan 2025
73 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
From @AWNetworks: A campaign has been observed involving unauthorized access to devices running #SimpleHelp RMM software as an initial access vector. This came just a week after we publicly disclosed CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 in SimpleHelp. For the full
@Horizon3ai
29 Jan 2025
5 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Update: Critical vulnerabilities in #SimpleHelp are now being exploited (#CVE-2024-57727, #CVE-2024-57728, #CVE-2024-57726); These can lead to info disclosure, privilege escalation, and RCE. Patch and advisory are available at: https://https://t.co/UlONgZAyDI #Patch #Patch #Patch
@CCBalert
29 Jan 2025
247 Impressions
2 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hackers exploiting flaws in SimpleHelp RMM to breach networks. The flaws, tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, allow threat actors to download and upload files on devices and escalate privileges to administrative levels. https://t.co/knnGrF94Qo https://
@riskigy
29 Jan 2025
50 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
Researchers warn of a cyberattack exploiting SimpleHelp RMM vulnerabilities (CVE-2024-57726, CVE-2024-57727, CVE-2024-57728), allowing unauthorized device access. Ensure software is updated! 🔒💻 #SimpleHelp #CyberThreats #USA link: https://t.co/wdljUdasgh https://t.co/s1hk2hVJO
@TweetThreatNews
28 Jan 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57726, -27, -28: Multiple vulns in SimpleHelp, 7.2 - 8.8 rating❗️ Vulns allow to upload arbitrary files, and escalate privileges, which allows RCE to be carried out. Search at https://t.co/hv7QKSr5Jp: 👉 Link: https://t.co/ElCom28yx9 #cybersecurity #vulnerability_map
@Netlas_io
20 Jan 2025
713 Impressions
4 Retweets
12 Likes
6 Bookmarks
1 Reply
0 Quotes
4/10 🔒 CVE-2024-57726: Tech access can become admin access due to poor authorization. Escalation chain could be devastating. #PrivilegeEscalation
@Eth1calHackrZ
18 Jan 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical vulnerabilities in SimpleHelp remote access software (CVE-2024-57727, CVE-2024-57728, CVE-2024-57726) can lead to info disclosure, privilege escalation, and RCE. Patch and advisory are available at: https://t.co/HhQIqSK040 #Patch #Patch #Patch
@CCBalert
16 Jan 2025
161 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57726 SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These A… https://t.co/4fP9PcSZ0w
@CVEnew
16 Jan 2025
328 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-57726 Privilege Escalation via Insecure API Key Generation in SimpleHelp https://t.co/9ZwX20QzXK
@VulmonFeeds
16 Jan 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726 : Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks 📊 75k+ Services are found on https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/LxDmNVsdm9 👇Query HUNTER… https:/
@HunterMapping
16 Jan 2025
1336 Impressions
3 Retweets
17 Likes
6 Bookmarks
0 Replies
0 Quotes
We disclosed a few vulns last week affecting SimpleHelp's remote support software: ♦️ CVE-2024-57726: Priv esc to admin ♦️ CVE-2024-57727: Unauth arbitrary file download ♦️ CVE-2024-57728: Admin RCE via arbitrary file upload Together these vulns could enable an attacker with…
@Horizon3Attack
15 Jan 2025
6709 Impressions
20 Retweets
74 Likes
24 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:simple-help:simplehelp:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B51B617B-82A8-4B34-BE2E-2D3C9CDE6D12",
"versionEndExcluding": "5.5.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]