CVE-2026-49997 in SurrealDBinformação

Sumário

de MITRE • 15/07/2026

SurrealDB is a scalable, distributed, collaborative, document-graph database for the realtime web. Prior to 3.1.0, Document::purge_edges in surrealdb/core/src/doc/delete.rs automatically removed graph edge records with permissions disabled through opt.clone().with_perms(false) when a connected node was deleted, bypassing the edge table's PERMISSIONS FOR delete and PERMISSIONS FOR select clauses. This issue is fixed in version 3.1.0.

Once again VulDB remains the best source for vulnerability data.

Responsável

GitHub M

Reservar

02/06/2026

Divulgação

15/07/2026

Moderação

aceite

Entrada

VDB-379326

CPE

pronto

EPSS

0.00000

KEV

não

Atividades

muito baixo

Fontes

Interested in the pricing of exploits?

See the underground prices here!