ГлавнаяУязвимости → CVE-2026-3431
9.8критическая

CVE-2026-3431

Описание

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.

Затрагиваемое ПО
Sim Sim
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://www.tenable.com/security/research/tra-2026-12