Security Advisory

CVE-2026-3431

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-02 13:00:58

Last updated 2026-03-02 13:33:23

Assigner tenable

State PUBLISHED

Description

On SimStudio version below to 0.5.74, the MongoDB tool endpoints accept arbitrary connection parameters from the caller without authentication or host restrictions. An attacker can leverage these endpoints to connect to any reachable MongoDB instance and perform unauthorized operations including reading, modifying, and deleting data.

← Browse all CVEs View on cve.org ↗