CVE-2026-13510

SimStudioAI sim Password Protection deployment.ts weak hash

CVSS 6.3 MEDIUMCWE-327 CWE-328

Vexday Risk Score

30Low

SSVC decision (CISA)

Attend

PoC available → attend closely

CVSS 6.3EPSS —KEV nãoPoC públicaNuclei —Metasploit —Patch referenciado

Lifecycle

28 Jun 2026Published on NVD

Recommendation: Plan a near-term fix — a public PoC already exists.

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Affected products

SimStudioAI · sim

public PoCs found — 1

cve_referencegithub.com/simstudioai/sim/issues/4759unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/simstudioai/sim/https://github.com/simstudioai/sim/issues/4759 https://github.com/simstudioai/sim/pull/4760 https://vuldb.com/cve/CVE-2026-13510 https://vuldb.com/submit/838842 https://vuldb.com/vuln/374518 https://vuldb.com/vuln/374518/cti