Jul 01, 2026 · 5 min read
CVE-2026-48558: Djinn Stealer Targets Cloud and AI Credentials
A maximum-severity authentication bypass in SimpleHelp (CVSS 10.0) is being actively exploited to plant two previously undocumented malware families — TaskWeaver, a persistent Node.js loader, and Djinn Stealer, a credential harvester that strips Git, SSH, Docker, cloud, and AI development tool tokens from Windows, macOS, and Linux systems. CISA gave federal agencies until July 2, 2026 to patch.
Key Takeaways
- • CVE-2026-48558 is a CVSS 10.0 authentication bypass in SimpleHelp that allows any unauthenticated attacker to forge a privileged Technician session via the OpenID Connect flow.
- • Approximately 1,000 vulnerable SimpleHelp instances were internet-exposed at the time of disclosure (June 12, 2026).
- • Djinn Stealer targets cloud platform tokens, Git/GitHub credentials, SSH keys, Docker configs, AI development tool tokens (Claude, Gemini, Codex), browser data, and cryptocurrency wallets across all three major operating systems.
- • Data is encrypted with AES-256-GCM before exfiltration to a command-and-control server using temporary Cloudflare domains.
- • CISA added CVE-2026-48558 to its Known Exploited Vulnerabilities catalog, requiring Federal Civilian Executive Branch agencies to patch by July 2, 2026.
What Is CVE-2026-48558?
CVE-2026-48558 is a critical authentication bypass vulnerability in SimpleHelp, a remote monitoring and management (RMM) platform used by managed service providers, IT helpdesks, and corporate IT departments for remote support. The vulnerability exists in SimpleHelp's OpenID Connect (OIDC) authentication flow.
The flaw allows an unauthenticated attacker to submit a forged OIDC token containing arbitrary identity claims. SimpleHelp accepts the token without validating that it came from a legitimate identity provider, granting the attacker a fully authenticated "Technician" session — the highest privilege level on the platform. From that position, the attacker controls the SimpleHelp server and any devices it manages.
Horizon3.ai published technical details of the vulnerability on June 12, 2026. At that point, approximately 1,000 SimpleHelp instances were directly reachable from the internet in a vulnerable state. Active exploitation followed within days of the public disclosure.
The vulnerability earned a CVSS score of 10.0 — the maximum possible — because it requires no authentication, no user interaction, and can be exploited remotely over the network against any unpatched SimpleHelp deployment.
What Does Djinn Stealer Steal?
Djinn Stealer is the payload delivered after TaskWeaver establishes persistence on a compromised system. Unlike classic infostealers that prioritize browser credentials and email accounts, Djinn Stealer focuses on developer and infrastructure credentials — the keys to cloud deployments, code repositories, and AI development environments.
| Target Category | Credentials Stolen |
|---|---|
| Cloud and identity platforms | AWS, Azure, GCP tokens and access keys |
| Source control and package registries | GitHub, GitLab, npm tokens and SSH keys |
| Infrastructure tooling | Docker Hub credentials, Terraform configs, Kubernetes kubeconfig |
| AI development tools | Claude API keys, Gemini tokens, OpenAI Codex configurations |
| Browsers and general credentials | Saved passwords, session cookies, autofill data |
| Cryptocurrency | Wallet keys and exchange credentials |
All collected data is encrypted using AES-256-GCM before being transmitted to command-and-control infrastructure operating through temporary Cloudflare domains — a technique that makes the outbound traffic blend with legitimate HTTPS traffic and complicates attribution.
How TaskWeaver Prepares the Way
Before Djinn Stealer runs, TaskWeaver establishes a persistent, encrypted delivery channel on the compromised machine. Distributed as an obfuscated JavaScript file named jquery.js and executed through node.exe, TaskWeaver fingerprints the device — collecting system information, installed software, and network configuration — and communicates with the attacker's command-and-control server to receive additional JavaScript modules.
The jquery.js naming is deliberate: JavaScript files with that name are ubiquitous on managed systems, making the loader harder to identify in process and file listings. The combination of legitimate runtime (node.exe), a disguised filename, and Cloudflare-masked C2 traffic was designed to pass through both automated endpoint detection and manual review.
SimpleHelp's legitimate remote access capabilities meant that once an attacker obtained a Technician session via CVE-2026-48558, deploying TaskWeaver and Djinn Stealer appeared indistinguishable from normal administrative activity — an RMM agent pushing a script to a managed device.
Why Developers and DevOps Teams Are the Target
Djinn Stealer's credential targeting reflects a shift in what threat actors find most valuable. A set of cloud platform API keys for an engineering organization provides more leverage than individual passwords: they grant access to production infrastructure, enable supply chain attacks by poisoning code repositories, and can be monetized either through direct misuse or sale to other attackers who specialize in infrastructure exploitation.
AI development tool tokens are a newer but increasingly targeted category. An API key for Claude, Gemini, or Codex can be used to rack up charges against the victim's account, to exfiltrate private system prompts and context that reveal business logic, or to impersonate legitimate AI workflows in supply chain attacks.
Browser credentials and email session cookies — also collected by Djinn Stealer — enable the same inbox takeover risk documented in the 24 billion credential infostealer dump from June 2026: a stolen session cookie bypasses multi factor authentication entirely by impersonating an already authenticated browser session.
What Should SimpleHelp Administrators Do?
SimpleHelp released a patch addressing CVE-2026-48558. Organizations running SimpleHelp should treat this as an emergency update — CISA's inclusion in the Known Exploited Vulnerabilities catalog and the July 2, 2026 federal patch deadline confirm that exploitation is active and widespread.
- Update SimpleHelp immediately — Apply the vendor-provided patch to all server instances. Verify the update applied successfully before restoring normal operations.
- Audit all Technician accounts — Review the full list of active Technician sessions and accounts. Invalidate any that cannot be positively attributed to known administrators. CVE-2026-48558 may have been used to create backdoor accounts before your patch window.
- Rotate all credentials on managed systems — Assume that any system managed through a vulnerable SimpleHelp instance may have had Djinn Stealer deployed. Rotate cloud API keys, GitHub tokens, SSH keys, and any other credentials stored on those systems.
- Review endpoint logs for TaskWeaver indicators — Look for node.exe executing jquery.js, outbound HTTPS connections to unusual Cloudflare subdomains, and new scheduled tasks or launch agents created around the exploitation window.
- Check for Djinn Stealer exfiltration — Examine network logs for large outbound HTTPS transfers, particularly from developer workstations and CI/CD servers that would hold the credential types Djinn Stealer prioritizes.
Organizations that use managed service providers for IT support should confirm their MSP has patched SimpleHelp and ask for evidence of a post-exploitation audit before restoring trust in that access channel.