Authentication Bypass Vulnerability in SurrealDB by SurrealDB
CVE-2024-58363

5.3MEDIUM

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2024-58363?

SurrealDB versions prior to 1.5.4 are susceptible to an authentication bypass that occurs when a user switches databases using the USE clause or the use method. This vulnerability allows authenticated attackers to impersonate another user in a different database if there exists a user record with the same identifier. As a result, unauthorized actions can be executed, particularly if access control is solely dependent on the $auth parameter.

Affected Version(s)

surrealdb 0 < 1.5.4

surrealdb 0 < 2.0.0-alpha.6

surrealdb 0 < 1.5.1

References

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

ericwhitefield
.