Home
Home
Trends
Trends
Vulnerabilities
Vulnerabilities
News
News
Researchers
Researchers
Why dbugs?
Why dbugs?
Settings

Manelmontilla

#45835of 54,864
5.8Total CVSS
Vulnerabilities · 1
PT-2026-60951
5.8
2026-07-18
Surrealdb · Surrealdb · CVE-2025-71390
**Name of the Vulnerable Software and Affected Versions** SurrealDB versions prior to 2.2.6 SurrealDB versions prior to 2.3.6 SurrealDB versions prior to 2.1.8 SurrealDB versions prior to 3.0.0-alpha.8 **Description** An authenticated user can bypass network access restrictions in `http::*` functions. The software fails to validate DNS-resolved hostnames against the `--deny-net` restriction. By invoking `http::<fn>(<url>)` with a hostname that resolves to a denied IP address, the server issues the request and returns the response. This allows access to restricted internal endpoints, potentially leading to the retrieval or alteration of sensitive information and credentials. **Recommendations** Update SurrealDB to version 2.2.6 or later. Update SurrealDB to version 2.3.6 or later. Update SurrealDB to version 2.1.8 or later. Update SurrealDB to version 3.0.0-alpha.8 or later.