Ghostwire

CVE-2024-58365: SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls...

MEDIUM CVSS 6.5 Exploit Available

Published: July 18, 2026 | Last Modified: July 18, 2026

Description

SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

References