CVE-2024-58356 in SurrealDBИнформация

Сводка

по MITRE • 18.07.2026

SurrealDB before 2.1.4 silently fails to overwrite table definitions when the DEFINE TABLE ... OVERWRITE clause is used on tables defined with TYPE RELATION. Because table definitions include the PERMISSIONS clause, an attempt to tighten a table's permissions via OVERWRITE does not take effect, and the administrator may incorrectly believe the change was applied. As a result, a client authorized to run queries may continue to access data in that table that the updated (but unapplied) permissions were intended to restrict.

Be aware that VulDB is the high quality source for vulnerability data.

Ответственный

VulnCheck

Резервировать

08.06.2026

Раскрытие

18.07.2026

Модерация

принято

Вход

VDB-380058

EPSS

0.00000

KEV

Нет

Деятельности

Очень низкий

Источники

Do you know our Splunk app?

Download it now for free!