๐Ÿ” CVE Alert

CVE-2025-71391

UNKNOWN 0.0

SurrealDB before 2.2.2 Denial of Service via /sql endpoint

CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th

SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.

CWE CWE-248
Vendor surrealdb
Product surrealdb
Published Jul 18, 2026
Stay Ahead of the Next One

Get instant alerts for surrealdb surrealdb

Be the first to know when new unknown vulnerabilities affecting surrealdb surrealdb are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

surrealdb / surrealdb
0 < 2.2.2
surrealdb / surrealdb
0 < 2.1.5
surrealdb / surrealdb
0 < 2.0.5

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/surrealdb/surrealdb/security/advisories/GHSA-rq86-9m6r-cm3g vulncheck.com: https://www.vulncheck.com/advisories/surrealdb-before-denial-of-service-via-sql-endpoint

Credits

๐Ÿ” castilho101