On SimStudio version below to 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when provided with credentialAccountUserId and providerId parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services.