9.8
SimStudio versions before 0.5.74 allow unauthorized MongoDB access
CVE-2026-3431
Summary
If you're using SimStudio versions below 0.5.74, the MongoDB tool endpoints accept connection parameters from any caller without authentication or host restrictions. An attacker can use these endpoints to connect to any reachable MongoDB instance and read, modify, or delete data without permission. Update to version 0.5.74 or later to fix this problem.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| sim | sim | <= 0.5.74 | – |
Original title
On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these e...
Original description
On SimStudio versions below 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
nvd CVSS3.1
9.8
Vulnerability type
CWE-862
Missing Authorization
- https://www.tenable.com/security/research/tra-2026-12 Third Party Advisory
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026