Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2024-58358

6.9MEDIUM

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2024-58358?

SurrealDB versions prior to 2.1.0 are susceptible to a denial of service attack stemming from role conversion issues. Privileged owner users can create users assigned with roles that do not exist. If an attacker gains access and signs in using such an invalid role, it can result in an uncaught panic, consequently crashing the server. This vulnerability emphasizes the importance of role management and validation processes in ensuring system stability.

Affected Version(s)

surrealdb 0 < 2.1.0

surrealdb 0 < 2.1.0

surrealdb 2.1.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

garyhai
.