CVE-2026-3432

Source
https://cve.org/CVERecord?id=CVE-2026-3432
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3432.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-3432
Published
2026-03-02T13:16:05.367Z
Modified
2026-04-10T05:43:01.239322Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
[none]
Details

In SimStudio versions before 0.5.74, the /api/auth/oauth/token endpoint contains a code path that bypasses all authorization checks when the credentialAccountUserId and providerId parameters are supplied. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying that user's ID and a provider name, effectively stealing the user's credentials to third-party services.
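The bug class described above, shown as added example code that is not SimStudio's own implementation: a hypothetical token handler in the vulnerable shape the advisory describes, where the credentialAccountUserId/providerId branch resolves the credential from caller-supplied values without consulting the session, beside a hardened version that authenticates on every path and enforces ownership. The credential store, user IDs, provider names, tokens, request shape and function names are all constructed for this example.

```typescript
// Added illustration of the CVE-2026-3432 bug class; hypothetical code, not SimStudio's.
// Every record below is constructed sample data standing in for a credentials table.

type Session = { userId: string } | null;

interface StoredCredential {
  id: string;          // credential row ID
  userId: string;      // owner of the linked OAuth account
  providerId: string;  // e.g. "github", "google"
  accessToken: string; // the secret that must never reach another user
}

interface TokenRequest {
  session: Session;    // result of the session lookup; null when unauthenticated
  body: {
    credentialId?: string;
    credentialAccountUserId?: string;
    providerId?: string;
  };
}

interface TokenResponse { status: number; accessToken?: string; error?: string }

const credentialStore: StoredCredential[] = [
  { id: 'cred-1', userId: 'user-alice', providerId: 'github', accessToken: 'gho_alice_sample' },
  { id: 'cred-2', userId: 'user-bob',   providerId: 'github', accessToken: 'gho_bob_sample' },
];

function findByUserAndProvider(userId: string, providerId: string): StoredCredential | undefined {
  return credentialStore.find(c => c.userId === userId && c.providerId === providerId);
}

function findById(id: string): StoredCredential | undefined {
  return credentialStore.find(c => c.id === id);
}

// VULNERABLE shape: when credentialAccountUserId and providerId are both present the
// credential is resolved straight from caller-controlled values and the session is
// never consulted, so any client can name any user's account and receive its token.
function vulnerableTokenHandler(req: TokenRequest): TokenResponse {
  const { credentialId, credentialAccountUserId, providerId } = req.body;
  if (credentialAccountUserId && providerId) {
    const cred = findByUserAndProvider(credentialAccountUserId, providerId);
    return cred ? { status: 200, accessToken: cred.accessToken } : { status: 404, error: 'not found' };
  }
  // Only this branch ever checks who the caller is.
  if (!req.session) return { status: 401, error: 'unauthorized' };
  const cred = credentialId ? findById(credentialId) : undefined;
  if (!cred || cred.userId !== req.session.userId) return { status: 404, error: 'not found' };
  return { status: 200, accessToken: cred.accessToken };
}

// HARDENED shape: authenticate first on every path, then resolve the credential and
// require that it belongs to the session user. Replying "not found" for a foreign
// credential avoids confirming which (user, provider) pairs exist.
function hardenedTokenHandler(req: TokenRequest): TokenResponse {
  if (!req.session) return { status: 401, error: 'unauthorized' };
  const { credentialId, credentialAccountUserId, providerId } = req.body;
  let cred: StoredCredential | undefined;
  if (credentialAccountUserId && providerId) {
    cred = findByUserAndProvider(credentialAccountUserId, providerId);
  } else if (credentialId) {
    cred = findById(credentialId);
  }
  // The ownership check is the fix. If the product lets workspace members use a
  // colleague's credential, replace this equality with an explicit membership lookup;
  // never derive the permission from the user ID the caller supplied.
  if (!cred || cred.userId !== req.session.userId) return { status: 404, error: 'not found' };
  return { status: 200, accessToken: cred.accessToken };
}
```

The regression test for a fix of this kind is the unauthenticated request naming another user's account: it must come back 401 from the hardened handler, and a logged-in user naming a different user's ID must get nothing more informative than "not found".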

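For teams that ran an affected version, the question after patching is whether the bypass was used. The following added hunting example is not SimStudio's tooling and assumes a log format the project may not have: one JSON object per line recording the client IP, route, the authenticated session user (null when there is none) and the request parameters. It flags requests to /api/auth/oauth/token that carry credentialAccountUserId and providerId while either having no session or naming a user other than the session user, and groups them by source IP so that one address sweeping many user IDs stands out. The log lines are constructed.

```typescript
// Added hunting example for CVE-2026-3432; hypothetical, not SimStudio's own tooling.
// Assumed log format (an assumption, not the project's logger): one JSON object per line.

interface TokenEndpointLog {
  ts: string;
  ip: string;
  path: string;
  sessionUserId: string | null;
  params: Record<string, string>;
}

interface Finding {
  ip: string;
  unauthenticatedHits: number; // no session at all: the unauthenticated bypass
  crossUserHits: number;       // logged in, but naming a different user's account
  targetedUsers: string[];     // distinct credentialAccountUserId values requested
}

const TOKEN_PATH = '/api/auth/oauth/token';

// Constructed sample lines: one legitimate self-service call, an unauthenticated
// sweep over three user IDs from one address, one cross-user request from a
// logged-in account, a self-request by its owner, an unrelated route and a corrupt line.
const sampleLog: string[] = [
  JSON.stringify({ ts: '2026-03-01T10:00:00Z', ip: '192.0.2.10', path: TOKEN_PATH, sessionUserId: 'user-alice', params: { credentialId: 'cred-1' } }),
  JSON.stringify({ ts: '2026-03-01T10:01:00Z', ip: '203.0.113.7', path: TOKEN_PATH, sessionUserId: null, params: { credentialAccountUserId: 'user-alice', providerId: 'github' } }),
  JSON.stringify({ ts: '2026-03-01T10:01:02Z', ip: '203.0.113.7', path: TOKEN_PATH, sessionUserId: null, params: { credentialAccountUserId: 'user-bob', providerId: 'google' } }),
  JSON.stringify({ ts: '2026-03-01T10:01:04Z', ip: '203.0.113.7', path: TOKEN_PATH, sessionUserId: null, params: { credentialAccountUserId: 'user-carol', providerId: 'github' } }),
  JSON.stringify({ ts: '2026-03-01T10:05:00Z', ip: '198.51.100.4', path: TOKEN_PATH, sessionUserId: 'user-bob', params: { credentialAccountUserId: 'user-alice', providerId: 'github' } }),
  JSON.stringify({ ts: '2026-03-01T10:06:00Z', ip: '198.51.100.4', path: TOKEN_PATH, sessionUserId: 'user-bob', params: { credentialAccountUserId: 'user-bob', providerId: 'github' } }),
  JSON.stringify({ ts: '2026-03-01T10:07:00Z', ip: '203.0.113.7', path: '/api/health', sessionUserId: null, params: {} }),
  'not json at all',
];

// Tolerate garbage: a corrupt or unexpected line is skipped, not a crash.
function parseLine(line: string): TokenEndpointLog | null {
  try {
    const obj = JSON.parse(line);
    if (typeof obj.ip !== 'string' || typeof obj.path !== 'string') return null;
    if (typeof obj.params !== 'object' || obj.params === null) return null;
    return obj as TokenEndpointLog;
  } catch {
    return null;
  }
}

function huntTokenBypass(lines: string[]): Finding[] {
  const byIp = new Map<string, Finding>();
  for (const line of lines) {
    const rec = parseLine(line);
    if (!rec || rec.path !== TOKEN_PATH) continue;
    const target = rec.params.credentialAccountUserId;
    const provider = rec.params.providerId;
    if (!target || !provider) continue;          // the bypass branch needs both parameters
    if (rec.sessionUserId === target) continue;  // a user naming their own account is normal
    let f = byIp.get(rec.ip);
    if (!f) {
      f = { ip: rec.ip, unauthenticatedHits: 0, crossUserHits: 0, targetedUsers: [] };
      byIp.set(rec.ip, f);
    }
    if (!rec.sessionUserId) f.unauthenticatedHits++; else f.crossUserHits++;
    if (!f.targetedUsers.includes(target)) f.targetedUsers.push(target);
  }
  const findings = Array.from(byIp.values());
  for (const f of findings) f.targetedUsers.sort();
  return findings.sort((a, b) => a.ip.localeCompare(b.ip));
}
```

Any hit at all on the unauthenticated path is evidence of exploitation rather than noise, since the endpoint has no legitimate anonymous caller; the per-IP count of distinct targeted users separates a one-off probe from an enumeration run, and every user ID in targetedUsers is a candidate for third-party token revocation.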
References

Affected packages

Git / github.com/simstudioai/sim

Affected ranges

Type
GIT
Repo
https://github.com/simstudioai/sim
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "0.5.74"
        }
    ]
}

Affected versions

python-sdk-v0.*
python-sdk-v0.1.1
python-sdk-v0.1.2
typescript-sdk-v0.*
typescript-sdk-v0.1.1
typescript-sdk-v0.1.2
v0.*
v0.2.1
v0.2.2
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.3.19
v0.3.21
v0.3.22
v0.3.23
v0.3.24
v0.3.26
v0.3.27
v0.3.28
v0.3.30
v0.3.31
v0.3.32
v0.3.33
v0.3.34
v0.3.35
v0.3.36
v0.3.37
v0.3.38
v0.3.39
v0.3.40
v0.3.41
v0.3.42
v0.3.43
v0.3.44
v0.3.45
v0.3.46
v0.3.47
v0.3.50
v0.3.51
v0.3.52
v0.3.53
v0.3.54
v0.3.55
v0.3.56
v0.3.57
v0.3.58
v0.4.0
v0.4.1
v0.4.10
v0.4.11
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.4.6
v0.4.7
v0.4.8
v0.4.9
v0.5
v0.5.1
v0.5.11
v0.5.12
v0.5.13
v0.5.14
v0.5.15
v0.5.16
v0.5.17
v0.5.18
v0.5.19
v0.5.2
v0.5.20
v0.5.21
v0.5.22
v0.5.23
v0.5.24
v0.5.25
v0.5.26
v0.5.27
v0.5.28
v0.5.29
v0.5.30
v0.5.31
v0.5.32
v0.5.33
v0.5.34
v0.5.35
v0.5.36
v0.5.37
v0.5.38
v0.5.39
v0.5.40
v0.5.41
v0.5.42
v0.5.43
v0.5.44
v0.5.45
v0.5.46
v0.5.47
v0.5.48
v0.5.49
v0.5.5
v0.5.50
v0.5.51
v0.5.52
v0.5.53
v0.5.54
v0.5.55
v0.5.56
v0.5.57
v0.5.58
v0.5.59
v0.5.6
v0.5.60
v0.5.61
v0.5.62
v0.5.63
v0.5.64
v0.5.65
v0.5.66
v0.5.67
v0.5.68
v0.5.7
v0.5.70
v0.5.71
v0.5.72
v0.5.73
v0.5.8
v0.5.9

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3432.json"