PT-2026-60952 · Surrealdb · Surrealdb
CVSS v4.0
7.1
High
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions
SurrealDB versions prior to 2.2.2
Description
An uncaught exception exists in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the '/sql' endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.
Recommendations
Update SurrealDB to version 2.2.2 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Surrealdb