CVE-2026-13510

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

CVSS v3 3.7 LOW
CVSS v2.0 2.6 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.6^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:N/C:P/I:N/A:N

Exploitability : 4.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/simstudioai/sim/
https://github.com/simstudioai/sim/issues/4759
https://github.com/simstudioai/sim/pull/4760
https://vuldb.com/cve/CVE-2026-13510
https://vuldb.com/submit/838842
https://vuldb.com/vuln/374518
https://vuldb.com/vuln/374518/cti

Configurations

No configuration.

History

28 Jun 2026, 23:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-06-28 23:16

Updated : 2026-06-28 23:16

NVD link : CVE-2026-13510

Mitre link : CVE-2026-13510

CVE.ORG link : CVE-2026-13510

JSON object : View

Products Affected

No product.

CWE

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

CWE-328

Use of Weak Hash

{"id": "CVE-2026-13510", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.2}], "cvssMetricV40": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 2.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "affected": [{"source": "cna@vuldb.com", "affectedData": [{"cpes": ["cpe:2.3:a:sim:sim:*:*:*:*:*:*:*:*"], "vendor": "SimStudioAI", "modules": ["Password Protection Handler"], "product": "sim", "versions": [{"status": "affected", "version": "0.6.0"}, {"status": "affected", "version": "0.6.1"}, {"status": "affected", "version": "0.6.2"}, {"status": "affected", "version": "0.6.3"}, {"status": "affected", "version": "0.6.4"}, {"status": "affected", "version": "0.6.5"}, {"status": "affected", "version": "0.6.6"}, {"status": "affected", "version": "0.6.7"}, {"status": "affected", "version": "0.6.8"}, {"status": "affected", "version": "0.6.9"}, {"status": "affected", "version": "0.6.10"}, {"status": "affected", "version": "0.6.11"}, {"status": "affected", "version": "0.6.12"}, {"status": "affected", "version": "0.6.13"}, {"status": "affected", "version": "0.6.14"}, {"status": "affected", "version": "0.6.15"}, {"status": "affected", "version": "0.6.16"}, {"status": "affected", "version": "0.6.17"}, {"status": "affected", "version": "0.6.18"}, {"status": "affected", "version": "0.6.19"}, {"status": "affected", "version": "0.6.20"}, {"status": "affected", "version": "0.6.21"}, {"status": "affected", "version": "0.6.22"}, {"status": "affected", "version": "0.6.23"}, {"status": "affected", "version": "0.6.24"}, {"status": "affected", "version": "0.6.25"}, {"status": "affected", "version": "0.6.26"}, {"status": "affected", "version": "0.6.27"}, {"status": "affected", "version": "0.6.28"}, {"status": "affected", "version": "0.6.29"}, {"status": "affected", "version": "0.6.30"}, {"status": "affected", "version": "0.6.31"}, {"status": "affected", "version": "0.6.32"}, {"status": "affected", "version": "0.6.33"}, {"status": "affected", "version": "0.6.34"}, {"status": "affected", "version": "0.6.35"}, {"status": "affected", "version": "0.6.36"}, {"status": "affected", "version": "0.6.37"}, {"status": "affected", "version": "0.6.38"}, {"status": "affected", "version": "0.6.39"}, {"status": "affected", "version": "0.6.40"}, {"status": "affected", "version": "0.6.41"}, {"status": "affected", "version": "0.6.42"}, {"status": "affected", "version": "0.6.43"}, {"status": "affected", "version": "0.6.44"}, {"status": "affected", "version": "0.6.45"}, {"status": "affected", "version": "0.6.46"}, {"status": "affected", "version": "0.6.47"}, {"status": "affected", "version": "0.6.48"}, {"status": "affected", "version": "0.6.49"}, {"status": "affected", "version": "0.6.50"}, {"status": "affected", "version": "0.6.51"}, {"status": "affected", "version": "0.6.52"}, {"status": "affected", "version": "0.6.53"}, {"status": "affected", "version": "0.6.54"}, {"status": "affected", "version": "0.6.55"}, {"status": "affected", "version": "0.6.56"}, {"status": "affected", "version": "0.6.57"}, {"status": "affected", "version": "0.6.58"}, {"status": "affected", "version": "0.6.59"}, {"status": "affected", "version": "0.6.60"}, {"status": "affected", "version": "0.6.61"}, {"status": "affected", "version": "0.6.62"}, {"status": "affected", "version": "0.6.63"}, {"status": "affected", "version": "0.6.64"}, {"status": "affected", "version": "0.6.65"}, {"status": "affected", "version": "0.6.66"}, {"status": "affected", "version": "0.6.67"}, {"status": "affected", "version": "0.6.68"}, {"status": "affected", "version": "0.6.69"}, {"status": "affected", "version": "0.6.70"}, {"status": "affected", "version": "0.6.71"}, {"status": "affected", "version": "0.6.72"}, {"status": "affected", "version": "0.6.73"}, {"status": "affected", "version": "0.6.74"}, {"status": "affected", "version": "0.6.75"}, {"status": "affected", "version": "0.6.76"}, {"status": "affected", "version": "0.6.77"}, {"status": "affected", "version": "0.6.78"}, {"status": "affected", "version": "0.6.79"}, {"status": "affected", "version": "0.6.80"}, {"status": "affected", "version": "0.6.81"}, {"status": "affected", "version": "0.6.82"}, {"status": "affected", "version": "0.6.83"}, {"status": "affected", "version": "0.6.84"}, {"status": "affected", "version": "0.6.85"}, {"status": "affected", "version": "0.6.86"}, {"status": "affected", "version": "0.6.87"}, {"status": "affected", "version": "0.6.88"}, {"status": "affected", "version": "0.6.89"}, {"status": "affected", "version": "0.6.90"}, {"status": "affected", "version": "0.6.91"}, {"status": "affected", "version": "0.6.92"}]}]}], "published": "2026-06-28T23:16:47.263", "references": [{"url": "https://github.com/simstudioai/sim/", "source": "cna@vuldb.com"}, {"url": "https://github.com/simstudioai/sim/issues/4759", "source": "cna@vuldb.com"}, {"url": "https://github.com/simstudioai/sim/pull/4760", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/cve/CVE-2026-13510", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/submit/838842", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/vuln/374518", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/vuln/374518/cti", "source": "cna@vuldb.com"}], "vulnStatus": "Received", "weaknesses": [{"type": "Primary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-327"}, {"lang": "en", "value": "CWE-328"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance."}], "lastModified": "2026-06-28T23:16:47.263", "sourceIdentifier": "cna@vuldb.com"}