MEDIUM
surrealdb
CVE published 2026-07-17
CVE-2026-63309
CVE-2026-63309 is a medium-severity vulnerability in SurrealDB, a database management system. The issue arises from the failure to apply field-level SELECT permissions to ORDER BY clauses in versions prior to 3.1.5. This oversight allows authenticated users to infer the relative ordering of restricted field values by issuing ORDER BY queries on indexed restricted fields. Consequently, attackers can recove [truncated]