Arbitrary Connection Vulnerability in SimStudio MongoDB Tool
CVE-2026-3431

9.8CRITICAL

Key Information:

Vendor: Simstudioai
Status: Sim
Vendor: CVE Published:; 2 March 2026

🔔 Create Simstudioai Vulnerability Alert

What is CVE-2026-3431?

The MongoDB tool endpoints of SimStudio prior to version 0.5.74 allow attackers to submit arbitrary connection parameters without authentication or host restrictions. This security oversight can be exploited to connect to any accessible MongoDB instance, enabling unauthorized actions such as the reading, modification, and deletion of critical data.

Affected Version(s)

sim 0 < 0.5.74

References

https://www.tenable.com/security/research/tra-2026-12

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2026
Vulnerability Reserved
Mar 2, 2026

CVE-2026-3431 Data

JSON