Sim Vulnerabilities
Comprehensive security vulnerability database for Sim products
2
2
3
0
Severity Distribution
| Description | Vendor / Product | Exploit Status | |||
|---|---|---|---|---|---|
| CVE-2026-3432 | 9.3 | An attacker can steal OAuth access tokens for any user by simply providing their user ID and a provider name, allowing them to access third-party services without needing to log in. This vulnerability affects versions of SimStudio below 0.5.74 and does not require any authentication, making it particularly dangerous. | simsim | Exploit Available | about 1 month agoMar 2, 2026 |
| CVE-2026-3431 | 9.8 | An attacker can exploit this vulnerability to connect to any accessible MongoDB database and perform unauthorized actions like reading, changing, or deleting data. This is possible because the affected version of SimStudio allows anyone to send connection requests without needing to log in or restrict which hosts can connect. | simsim | Exploit Available | about 1 month agoMar 2, 2026 |
About Sim Security
This page tracks all publicly disclosed security vulnerabilities (CVEs) affecting Sim products. Our database is updated in real-time from the National Vulnerability Database (NVD) and enriched with exploit information from GitHub and other security research sources.
Each CVE listing includes CVSS severity scores, exploit availability status, AI-powered vulnerability summaries, and links to official patches and security advisories.