CVE-2026-13510
LOW
3.7
CVSS 3.1
Description
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
Metadata
Severity & Metrics
3.7
LOW CVSS 3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| SimStudioAI | sim | — | 0.6.0, 0.6.1, 0.6.2, 0.6.3 … |
Weakness (CWE)
CVSS scores (4)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 6.3 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
| 3.7 | LOW | 3.1 | cna | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R |
| 3.7 | LOW | 3.0 | cna | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R |
| 2.6 | N/D | 2.0 | cna | AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR |
References (7)
- VDB-374518 | SimStudioAI sim Password Protection deployment.ts weak hash https://vuldb.com/vuln/374518
- VDB-374518 | CTI Indicators (IOB, IOC, TTP, IOA) https://vuldb.com/vuln/374518/cti
- CVE-2026-13510 | CVE Analysis and Report https://vuldb.com/cve/CVE-2026-13510
- Submit #838842 | Sim Studio / simstudioai sim Affected at least commit 7b572f1f61a8bbcee31fd7389097814a71f8f094; still present in origin/main commit e532e0a6da6fd22eee98310ba Improper Verification of Cryptographic Signature (CWE-347), Use https://vuldb.com/submit/838842
- https://github.com/simstudioai/sim/issues/4759
- https://github.com/simstudioai/sim/pull/4760
- https://github.com/simstudioai/sim/