Denial of Service Vulnerability in SurrealDB by SurrealDB Inc.
CVE-2024-58370

7.1HIGH

Key Information:

Vendor

Surrealdb

Status
Vendor
CVE Published:
18 July 2026

What is CVE-2024-58370?

SurrealDB versions prior to 1.1.0 are vulnerable to a Denial of Service attack due to inadequate enforcement of recursion depth limits when processing nested SurrealQL statements. Attackers with valid authorization can exploit this flaw by submitting intricate queries that exceed safe nesting levels, leading to stack overflow and potential server crashes. This vulnerability underscores the importance of reviewing and updating server configurations to safeguard against such attacks.

Affected Version(s)

surrealdb 0 < 1.1.0

surrealdb 1.1.0

References

CVSS V4

Score:
7.1
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.