PatchSiren cyber security CVE debrief
CVE-2024-58365 surrealdb CVE debrief
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T14:17:09.460Z and has not been modified since then. SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server. This vulnerability has a high CVSS score of 7.1 and is classified as HIGH severity.
- Vendor
- surrealdb
- Product
- Unknown
- CVSS
- HIGH 7.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-18
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-18
- Advisory updated
- 2026-07-18
Who should care
Defenders should assess SurrealDB usage and prioritize upgrading to version 1.2.0 or later to mitigate potential impacts from uncaught exceptions triggered by nonexistent functions. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and implement necessary mitigations.
Technical summary
SurrealDB versions before 1.2.0 contain an uncaught exception vulnerability in the query executor when processing calls to nonexistent built-in functions. Authorized clients can craft pre-parsed queries invoking nonexistent functions to trigger a panic that crashes the server. The vulnerability is due to a lack of proper error handling in the query executor. This issue can be mitigated by upgrading to SurrealDB version 1.2.0 or later. Defenders should assess SurrealDB usage and prioritize upgrading to version 1.2.0 or later to mitigate potential impacts from uncaught exceptions triggered by nonexistent functions. This includes operators, platform administrators, vulnerability management teams, and security teams who need to review and implement necessary mitigations. SurrealDB usage should be reviewed for potential exposure, and compensating controls should be considered for exposed systems while remediation is scheduled and verified.
Defensive priority
High priority due to potential for denial-of-service via crashing server and potential impacts from uncaught exceptions triggered by nonexistent functions.
Recommended defensive actions
- Inventory and assess SurrealDB usage in your environment
- Upgrade to SurrealDB version 1.2.0 or later
- Implement monitoring for server crashes and query executor errors
- Restrict query execution to only necessary functions
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
Evidence is limited; primary official records indicate vulnerability exists in SurrealDB versions before 1.2.0. Vendor remediation is to upgrade to version 1.2.0 or later. Defenders should verify SurrealDB usage and assess potential impacts from uncaught exceptions triggered by nonexistent functions. Limited source details are available for further validation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T14:17:09.460Z and has not been modified since then.