CVE-2025-71391
SurrealDB before 2.2.2 Denial of Service via /sql endpoint
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
SurrealDB versions before 2.2.2 contain an uncaught exception vulnerability in the net module that allows authenticated users to crash the database. Attackers can send crafted HTTP queries containing null bytes to the /sql endpoint, causing an unhandled exception that crashes the SurrealDB instance and any dependent applications.
| CWE | CWE-248 |
| Vendor | surrealdb |
| Product | surrealdb |
| Published | Jul 18, 2026 |
Stay Ahead of the Next One
Get instant alerts for surrealdb surrealdb
Be the first to know when new unknown vulnerabilities affecting surrealdb surrealdb are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
surrealdb / surrealdb
0 < 2.2.2
surrealdb / surrealdb
0 < 2.1.5
surrealdb / surrealdb
0 < 2.0.5
References
Credits
๐ castilho101