CVE-2026-13510

LOW

SimStudioAI sim Password Protection deployment.ts weak hash

Title source: cna
STIX 2.1

Description

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

References (7)

Core 7
Core References
Third Party Advisory third-party-advisory
CVE-2026-13510 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-13510
Third Party Advisory third-party-advisory
Submit #838842 | Sim Studio / simstudioai sim Affected at least commit 7b572f1f61a8bbcee31fd7389097814a71f8f094; still present in origin/main commit e532e0a6da6fd22eee98310ba Improper Verification of Cryptographic Signature (CWE-347), Use
https://vuldb.com/submit/838842
Exploit exploit issue-tracking
https://github.com/simstudioai/sim/issues/4759
Vdb Entry vdb-entry
VDB-374518 | SimStudioAI sim Password Protection deployment.ts weak hash
https://vuldb.com/vuln/374518
Signature, Permissions Required signature permissions-required
VDB-374518 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/374518/cti

Scores

CVSS v3 3.7
EPSS 0.0022
EPSS Percentile 12.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-327 CWE-328
Status published
Products (50)
SimStudioAI/sim 0.6.0
SimStudioAI/sim 0.6.1
SimStudioAI/sim 0.6.10
SimStudioAI/sim 0.6.11
SimStudioAI/sim 0.6.12
SimStudioAI/sim 0.6.13
SimStudioAI/sim 0.6.14
SimStudioAI/sim 0.6.15
SimStudioAI/sim 0.6.16
SimStudioAI/sim 0.6.17
... and 40 more
Published Jun 28, 2026
Tracked Since Jun 29, 2026