Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-accessible attack requires cookie interception as prerequisite (AC:H); no prior privileges needed to receive the token (PR:N); impact is limited to partial confidentiality from hash slot leakage with no integrity or availability consequence.
Primary rating from Vendor (VulDB).
CVSS VectorVendor: VulDB
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.
AnalysisAI
Deployment authentication token weakness in SimStudioAI Sim up to 0.6.92 leaks a truncated SHA-256 derivative of the encrypted deployment password inside base64-encoded auth cookies, enabling offline hash cracking and potential token forgery against password-protected deployments. The vulnerable Password Protection Handler embeds only the first 8 hex characters (32 bits) of an unsalted SHA-256 hash of the encrypted password directly in the unprotected token payload - a CWE-328 use of weak hash - allowing an attacker who obtains the cookie to brute-force the narrow hash space and fingerprint or bypass deployment authentication. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the targeted SimStudioAI Sim instance has the Password Protection feature enabled on at least one deployed agent - deployments without password protection do not issue the vulnerable auth tokens. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P) scores 6.3 and accurately reflects a network-accessible, high-complexity attack limited to confidentiality impact on the vulnerable system with no integrity or availability consequence. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker targeting a SimStudioAI Sim deployment with password protection enabled intercepts a victim's deployment auth cookie via network sniffing on non-HTTPS traffic or through a client-side cookie theft vector. The attacker base64-decodes the token, extracts the 8-character hex `passwordSlot` field, and runs an offline brute-force or dictionary attack against the 32-bit SHA-256 hash space to recover the encrypted password derivative. … |
| Remediation | No officially merged or released patch exists at time of analysis - fix PR #4760 (https://github.com/simstudioai/sim/pull/4760) is pending acceptance. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
SimStudio below 0.5.74 has a missing authorization on MongoDB tool endpoints that allows attackers to execute arbitrary
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps
A vulnerability classified as critical has been found in SimStudioAI sim up to 0.1.17. Affected is the function handleLo
A vulnerability was identified in SimStudioAI sim up to 1.0.0. Rated medium severity (CVSS 5.3), this vulnerability is r
SimStudio has a second authorization flaw in the OAuth token endpoint that allows privilege escalation through crafted t
Same weakness CWE-328 – Use of Weak Hash
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40007
GHSA-g2q4-cj5p-88qg