PT-2026-60950 · Surrealdb · Surrealdb

CVE-2024-58370

·

Published

2026-07-18

·

Updated

2026-07-18

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions SurrealDB versions prior to 1.1.0
Description The software fails to enforce recursion depth limits when parsing nested SurrealQL statements, specifically involving IF, RELATE, and attribute access idioms. Authorized attackers can submit queries with excessive nesting depth to trigger a stack overflow, which leads to a server crash.
Recommendations Update to version 1.1.0 or later.

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2024-58370

Affected Products

Surrealdb