CVE-2026-3431
Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion
On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
SimStudioAI · simQuer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →