PatchSiren cyber security CVE debrief
CVE-2024-58368 surrealdb CVE debrief
SurrealDB versions before 1.1.0 are vulnerable to a denial-of-service attack due to improper parsing of ID, DB, and NS headers in HTTP REST API requests containing special characters. This issue allows unauthenticated attackers to send crafted HTTP requests that trigger an uncaught exception, causing the server to crash. The vulnerability has a high CVSS score of 8.7, indicating a significant risk to affected systems. Users of SurrealDB versions before 1.1.0 should be aware of this vulnerability and take steps to mitigate it. The vulnerability exists in the HTTP REST API of SurrealDB, where the application fails to properly parse headers with special characters. This can be exploited by unauthenticated attackers to cause a denial-of-service condition. The issue is resolved in SurrealDB version 1.1.0.
- Vendor
- surrealdb
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-18
- Original CVE updated
- 2026-07-18
- Advisory published
- 2026-07-18
- Advisory updated
- 2026-07-18
Who should care
Users of SurrealDB versions before 1.1.0 should be aware of this vulnerability and take steps to mitigate it. This vulnerability has a high CVSS score of 8.7, indicating a significant risk to affected systems. The vulnerability exists in the HTTP REST API of SurrealDB, where the application fails to properly parse headers with special characters. This can be exploited by unauthenticated attackers to cause a denial-of-service condition.
Technical summary
The vulnerability exists in the HTTP REST API of SurrealDB, where the application fails to properly parse headers with special characters. This can be exploited by unauthenticated attackers to cause a denial-of-service condition. The issue is resolved in SurrealDB version 1.1.0. The vulnerability has a high CVSS score of 8.7, indicating a significant risk to affected systems. Users of SurrealDB versions before 1.1.0 should be aware of this vulnerability and take steps to mitigate it.
Defensive priority
High
Recommended defensive actions
- Upgrade to SurrealDB version 1.1.0 or later
- Implement input validation and sanitization for HTTP REST API requests
- Monitor for suspicious HTTP requests
- Consider implementing a web application firewall (WAF) to detect and prevent malicious requests
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-18T14:17:09.867Z and has not been modified since then. The NVD entry is currently in the 'Received' status. This information is based on the provided source corpus and may not reflect the current status of the vulnerability. Users should verify the information with the official CVE record and NVD entry for the most up-to-date details. The evidence notes are limited and may not provide a comprehensive understanding of the vulnerability.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-18T14:17:09.867Z and has not been modified since then. The NVD entry is currently in the 'Received' status.