Home
Home
Trends
Trends
Vulnerabilities
Vulnerabilities
News
News
Researchers
Researchers
Why dbugs?
Why dbugs?
Settings

5Hanth

#39938of 54,864
7.1Total CVSS
Vulnerabilities · 1
PT-2026-60947
7.1
2026-07-18
Surrealdb · Surrealdb · CVE-2024-58367
**Name of the Vulnerable Software and Affected Versions** SurrealDB versions prior to 2.0.4 **Description** Authorized users can bypass field permissions during SELECT, UPDATE, and DELETE operations to access unauthorized field values. This is achieved through various query techniques, including the use of SELECT VALUE operations, field aliasing, function arguments, WHERE clause filtering, RETURN BEFORE clauses, and SET clause references, which allow the leakage of protected field contents even when SELECT permissions are absent. **Recommendations** Update SurrealDB to version 2.0.4 or later.