PT-2026-22582 · Simstudio · Simstudio

Published 2026-03-02 · Updated 2026-03-07 · CVE-2026-3431

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SimStudio versions prior to 0.5.74

Description

SimStudio’s MongoDB tool endpoints accept arbitrary connection parameters from callers without authentication or host restrictions. This allows an attacker to connect to any reachable MongoDB instance and perform unauthorized operations, including reading, modifying, and deleting data. The affected endpoints do not verify the validity of connection details, potentially exposing MongoDB instances to unauthorized access.

Recommendations

Update SimStudio to version 0.5.74 or later.
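
The two controls the description says were missing (caller authentication and host restriction) can be expressed as a guard that runs before any MongoDB connection is opened. This is an added example, not SimStudio's code or its 0.5.74 fix; the function name `checkMongoRequest`, the request shape and the allowlist values are assumptions made for illustration.

```javascript
// Added example: hypothetical guard for a MongoDB tool endpoint (not SimStudio code).
// Policy values below are constructed for illustration.
const POLICY = {
  allowedHosts: new Set(["mongo.internal.example"]), // assumption: operator-approved hosts
  allowedPorts: new Set([27017]),
};

// Characters that would let a "host" value carry extra hosts, credentials,
// a port, a path or options into a MongoDB connection string.
const HOST_SMUGGLING = /[\s,\/@?#:\\%]/;

function checkMongoRequest(req, policy = POLICY) {
  // 1. Authentication: refuse anonymous callers before looking at parameters.
  if (!req || !req.session || typeof req.session.userId !== "string" || req.session.userId === "") {
    return { ok: false, status: 401, reason: "authentication required" };
  }
  const p = req.params || {};
  // 2. Shape: host must be a plain hostname, port a plain integer.
  if (typeof p.host !== "string" || p.host.length === 0 || p.host.length > 253 || HOST_SMUGGLING.test(p.host)) {
    return { ok: false, status: 400, reason: "invalid host" };
  }
  const port = p.port === undefined ? 27017 : p.port;
  if (!Number.isInteger(port) || port < 1 || port > 65535) {
    return { ok: false, status: 400, reason: "invalid port" };
  }
  // 3. Host restriction: exact match against the allowlist, after normalisation.
  const host = p.host.toLowerCase().replace(/\.$/, "");
  if (!policy.allowedHosts.has(host) || !policy.allowedPorts.has(port)) {
    return { ok: false, status: 403, reason: "target not allowed" };
  }
  // Only the vetted host and port are returned; the caller builds the
  // connection from these, never from the raw request body.
  return { ok: true, status: 200, target: { host, port } };
}
```

The guard fails closed: a request is rejected unless it is authenticated and names a host and port the operator has explicitly approved.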

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-3431

Affected Products

Simstudio