CVE-2026-3431 - Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion

CVE ID : CVE-2026-3431 Published : March 2, 2026, 1 p.m. | 15 minutes ago Description : On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data. Severity: 9.8 | CRITICAL Visit the link for more details, such as CVSS details, affected products, timeline, and more...