{"id":"CVE-2026-3432","details":"In SimStudio versions prior to 0.5.74, the `/api/auth/oauth/token` endpoint contains a code path that bypasses all authorization checks when provided with `credentialAccountUserId` and `providerId` parameters. An unauthenticated attacker can retrieve OAuth access tokens for any user by supplying their user ID and a provider name, effectively stealing credentials to third-party services.","modified":"2026-04-10T05:43:01.239322Z","published":"2026-03-02T13:16:05.367Z","references":[{"type":"ADVISORY","url":"https://www.tenable.com/security/research/tra-2026-13"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/simstudioai/sim","events":[{"introduced":"0"},{"fixed":"11dc18a80d2a161121ce0705e8a859ba60c80f87"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.5.74"}]}}],"versions":["python-sdk-v0.1.1","python-sdk-v0.1.2","typescript-sdk-v0.1.1","typescript-sdk-v0.1.2","v0.2.1","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.3.19","v0.3.21","v0.3.22","v0.3.23","v0.3.24","v0.3.26","v0.3.27","v0.3.28","v0.3.30","v0.3.31","v0.3.32","v0.3.33","v0.3.34","v0.3.35","v0.3.36","v0.3.37","v0.3.38","v0.3.39","v0.3.40","v0.3.41","v0.3.42","v0.3.43","v0.3.44","v0.3.45","v0.3.46","v0.3.47","v0.3.50","v0.3.51","v0.3.52","v0.3.53","v0.3.54","v0.3.55","v0.3.56","v0.3.57","v0.3.58","v0.4.0","v0.4.1","v0.4.10","v0.4.11","v0.4.2","v0.4.3","v0.4.4","v0.4.5","v0.4.6","v0.4.7","v0.4.8","v0.4.9","v0.5","v0.5.1","v0.5.11","v0.5.12","v0.5.13","v0.5.14","v0.5.15","v0.5.16","v0.5.17","v0.5.18","v0.5.19","v0.5.2","v0.5.20","v0.5.21","v0.5.22","v0.5.23","v0.5.24","v0.5.25","v0.5.26","v0.5.27","v0.5.28","v0.5.29","v0.5.30","v0.5.31","v0.5.32","v0.5.33","v0.5.34","v0.5.35","v0.5.36","v0.5.37","v0.5.38","v0.5.39","v0.5.40","v0.5.41","v0.5.42","v0.5.43","v0.5.44","v0.5.45","v0.5.46","v0.5.47","v0.5.48","v0.5.49","v0.5.5","v0.5.50","v0.5.51","v0.5.52","v0.5.53","v0.5.54","v0.5.55","v0.5.56","v0.5.57","v0.5.58","v0.5.59","v0.5.6","v0.5.60","v0.5.61","v0.5.62","v0.5.63","v0.5.64","v0.5.65","v0.5.66","v0.5.67","v0.5.68","v0.5.7","v0.5.70","v0.5.71","v0.5.72","v0.5.73","v0.5.8","v0.5.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3432.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}]}