A critical flaw in SimpleHelp, a remote support and management tool used by IT teams and managed service providers, lets an unauthenticated attacker create a privileged technician account and skip multi-factor authentication. The bug (CVE-2026-48558) only affects servers configured to use OpenID Connect (OIDC) single sign-on, including Azure AD, and stems from how the server validates identity assertions from the login provider. A rogue technician can then remote into managed machines and run scripts, giving attackers a foothold across every connected endpoint. Researchers found roughly 14,000 SimpleHelp servers exposed online, with about 7 percent using the vulnerable OIDC setup. The flaw affects versions 5.5.15 and earlier.