CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: May 8, 2026
Description
SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user.
Required Action
https://simple-help.com/kb---security-vulnerabilities-01-2025#security-vulnerabilities-in-simplehelp-5-5-7-and-earlier ; https://nvd.nist.gov/vuln/detail/CVE-2024-57728
Risk Assessment
ELEVATEDIn CISA KEV
Details
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Articles
- 0
Timeline
Published
Apr 24, 2026
Added to KEV
Apr 24, 2026
Remediation Due
May 8, 2026