Forwarded TWCERT/CC Security Alert TWCERTCC-200-202607-00000003
【CVE-2026-48558】SimpleHelp Authentication Bypass Vulnerability (CVSS v3.1: 10.0)
【Known Ransomware Exploitation: Unknown】 SimpleHelp's OIDC authentication process contains an authentication bypass vulnerability. When OIDC authentication is enabled in the system, the login process fails to properly validate the cryptographic signature of the ID token. A remote unauthenticated attacker could submit a forged token to obtain an authenticated technician session; under certain configurations, this may even bypass multi-factor authentication (MFA).
【CVE-2026-45659】Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability (CVSS v3.1: 8.8)
【Known Ransomware Exploitation: Unknown】 Microsoft SharePoint Server contains a deserialization of untrusted data vulnerability, allowing an authorized attacker to execute arbitrary code over the network.