← Back

CVE-2026-3431

nvd nist
Published: Mar 2, 2026Modified: Mar 6, 2026

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: vulnreport@tenable.com (Secondary)

Description

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.

Affected (1)

Products: Sim: Sim
Sim
1 product
Sim
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Sim
Before 0.5.74

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (1)

Source: vulnreport@tenable.com
Third Party Advisory

Timeline

No history available yet.