Unrated severityNVD Advisory· Published Mar 2, 2026· Updated Mar 2, 2026
Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion
CVE-2026-3431
Description
On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.