CVE Catalog

CVE-2026-13510

Low · CVSS 3.7

Exploitation Probability (EPSS)

Low risk
0.22%

12th percentile — higher than 12% of all known CVEs

Summary

A vulnerability was found in SimStudioAI sim up to version 0.6.92 in the password protection handler component (apps/sim/lib/core/security/deployment.ts). Manipulation leads to use of a weak hash, enabling a remote attack with high complexity. The exploit has been made public and a fix is pending.

Risk Assessment

The organization is at risk of remote account takeover or data access if an attacker cracks the weakly hashed passwords. Although the attack is difficult, the public exploit increases the likelihood of exploitation.

Recommendation

Update SimStudioAI sim to a version above 0.6.92 as soon as the fix is released. Until then, implement additional password protection mechanisms, such as stronger hashing.

Original NVD description (English source)

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS