PT-2026-60948 · Surrealdb · Surrealdb

·

CVE-2024-58368

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v3.1

7.5

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 1.1.0
Description An issue exists where the server fails to properly parse the ID, DB, and NS headers in HTTP REST API requests that contain special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception, resulting in a denial of service by crashing the server.
Recommendations Update to version 1.1.0 or later.

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-58368

Affected Products

Surrealdb