CVE-2026-13510 PUBLISHED

A vulnerability was found in SimStudioAI sim up to 0.6.92. Affected by this vulnerability is an unknown functionality in the library apps/sim/lib/core/security/deployment.ts of the component Password Protection Handler. Performing a manipulation results in use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit has been made public and could be used. The pull request to fix this issue awaits acceptance.

• Dem000000 (VulDB User) reporter
• VulDB CNA Team coordinator

• VDB-374518 | SimStudioAI sim Password Protection deployment.ts weak hash
• VDB-374518 | CTI Indicators (IOB, IOC, TTP, IOA)
• CVE-2026-13510 | CVE Analysis and Report
• Submit #838842 | Sim Studio / simstudioai sim Affected at least commit 7b572f1f61a8bbcee31fd7389097814a71f8f094; still present in origin/main commit e532e0a6da6fd22eee98310ba Improper Verification of Cryptographic Signature (CWE-347), Use
• https://github.com/simstudioai/sim/issues/4759
• https://github.com/simstudioai/sim/pull/4760
• https://github.com/simstudioai/sim/

• Use of Weak Hash CWE
• Risky Cryptographic Algorithm CWE