CVE-2026-13510

Summary

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

Affected Software

VendorProductVersion RangeStatus
SimStudioAIsim0.6.0affected
SimStudioAIsim0.6.1affected
SimStudioAIsim0.6.2affected
SimStudioAIsim0.6.3affected
SimStudioAIsim0.6.4affected
SimStudioAIsim0.6.5affected
SimStudioAIsim0.6.6affected
SimStudioAIsim0.6.7affected
SimStudioAIsim0.6.8affected
SimStudioAIsim0.6.9affected
SimStudioAIsim0.6.10affected
SimStudioAIsim0.6.11affected
SimStudioAIsim0.6.12affected
SimStudioAIsim0.6.13affected
SimStudioAIsim0.6.14affected
SimStudioAIsim0.6.15affected
SimStudioAIsim0.6.16affected
SimStudioAIsim0.6.17affected
SimStudioAIsim0.6.18affected
SimStudioAIsim0.6.19affected
SimStudioAIsim0.6.20affected
SimStudioAIsim0.6.21affected
SimStudioAIsim0.6.22affected
SimStudioAIsim0.6.23affected
SimStudioAIsim0.6.24affected
SimStudioAIsim0.6.25affected
SimStudioAIsim0.6.26affected
SimStudioAIsim0.6.27affected
SimStudioAIsim0.6.28affected
SimStudioAIsim0.6.29affected
SimStudioAIsim0.6.30affected
SimStudioAIsim0.6.31affected
SimStudioAIsim0.6.32affected
SimStudioAIsim0.6.33affected
SimStudioAIsim0.6.34affected
SimStudioAIsim0.6.35affected
SimStudioAIsim0.6.36affected
SimStudioAIsim0.6.37affected
SimStudioAIsim0.6.38affected
SimStudioAIsim0.6.39affected
SimStudioAIsim0.6.40affected
SimStudioAIsim0.6.41affected
SimStudioAIsim0.6.42affected
SimStudioAIsim0.6.43affected
SimStudioAIsim0.6.44affected
SimStudioAIsim0.6.45affected
SimStudioAIsim0.6.46affected
SimStudioAIsim0.6.47affected
SimStudioAIsim0.6.48affected
SimStudioAIsim0.6.49affected
SimStudioAIsim0.6.50affected
SimStudioAIsim0.6.51affected
SimStudioAIsim0.6.52affected
SimStudioAIsim0.6.53affected
SimStudioAIsim0.6.54affected
SimStudioAIsim0.6.55affected
SimStudioAIsim0.6.56affected
SimStudioAIsim0.6.57affected
SimStudioAIsim0.6.58affected
SimStudioAIsim0.6.59affected
SimStudioAIsim0.6.60affected
SimStudioAIsim0.6.61affected
SimStudioAIsim0.6.62affected
SimStudioAIsim0.6.63affected
SimStudioAIsim0.6.64affected
SimStudioAIsim0.6.65affected
SimStudioAIsim0.6.66affected
SimStudioAIsim0.6.67affected
SimStudioAIsim0.6.68affected
SimStudioAIsim0.6.69affected
SimStudioAIsim0.6.70affected
SimStudioAIsim0.6.71affected
SimStudioAIsim0.6.72affected
SimStudioAIsim0.6.73affected
SimStudioAIsim0.6.74affected
SimStudioAIsim0.6.75affected
SimStudioAIsim0.6.76affected
SimStudioAIsim0.6.77affected
SimStudioAIsim0.6.78affected
SimStudioAIsim0.6.79affected
SimStudioAIsim0.6.80affected
SimStudioAIsim0.6.81affected
SimStudioAIsim0.6.82affected
SimStudioAIsim0.6.83affected
SimStudioAIsim0.6.84affected
SimStudioAIsim0.6.85affected
SimStudioAIsim0.6.86affected
SimStudioAIsim0.6.87affected
SimStudioAIsim0.6.88affected
SimStudioAIsim0.6.89affected
SimStudioAIsim0.6.90affected
SimStudioAIsim0.6.91affected
SimStudioAIsim0.6.92affected

Weaknesses

  • CWE-328: Use of Weak Hash
  • CWE-327: Risky Cryptographic Algorithm

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References