Improper Check for Unusual or Exceptional Conditions Affecting surrealdb package, versions <3.1.0-beta.3


Severity: high

CVSS assessment by Snyk's Security Team.

  • Snyk ID: SNYK-RUST-SURREALDB-17797582
  • Published: 2 Jul 2026
  • Disclosed: 1 Jul 2026
  • Credit: Unknown

Introduced: 1 Jul 2026

CVE: NOT AVAILABLE, CWE-754

How to fix?

Upgrade surrealdb to version 3.1.0-beta.3 or higher.

Overview

Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the LIVE query registration process. An attacker can disrupt all CREATE, UPDATE, and DELETE operations on a watched table by registering a specially crafted LIVE query with a WHERE clause that triggers an evaluation error, causing write operations to fail for all users, including those with elevated privileges, until the malicious query is removed or the session ends.

Workaround

This vulnerability can be mitigated by restricting the ability of untrusted users to register LIVE queries, either by removing the select permission on tables that should remain writeable or by gating LIVE registration at the application layer.
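
One way to gate LIVE registration at the application layer, as an added example (not code from SurrealDB or Snyk): clients choose a table and a named filter, and the application builds the LIVE statement itself, so tables that must stay writeable are never watched and no client-written WHERE clause is registered. The roles, table names and filter names are constructed for illustration.

```rust
// Added example: application-layer gate for LIVE registration (not SurrealDB code).
// Roles, table names and filter names are constructed for illustration.
#[derive(Debug, PartialEq)]
pub enum GateError { UntrustedRole, TableNotLiveEnabled, UnknownFilter }

// Variant order defines the trust order used by `<` below.
#[derive(Debug, Clone, Copy, PartialEq, PartialOrd)]
pub enum Role { Anonymous, Member, Operator }

// (table, minimum role, filter name, server-authored WHERE clause).
// Tables that must stay writeable for everyone are simply not listed.
const LIVE_POLICY: &[(&str, Role, &str, &str)] = &[
    ("announcement", Role::Member, "all", ""),
    ("announcement", Role::Member, "pinned", " WHERE pinned = true"),
    ("audit_event", Role::Operator, "all", ""),
];

/// Builds the LIVE statement the application registers on the caller's behalf.
/// Only constants from LIVE_POLICY are interpolated; client input is used for lookup only.
pub fn build_live_query(role: Role, table: &str, filter: &str) -> Result<String, GateError> {
    // Refuse unauthenticated callers before revealing which tables are enabled.
    if role == Role::Anonymous {
        return Err(GateError::UntrustedRole);
    }
    let mut table_known = false;
    for &(t, min_role, f, clause) in LIVE_POLICY {
        if t != table { continue; }
        table_known = true;
        if f == filter {
            if role < min_role {
                return Err(GateError::UntrustedRole);
            }
            return Ok(format!("LIVE SELECT * FROM {t}{clause};"));
        }
    }
    Err(if table_known { GateError::UnknownFilter } else { GateError::TableNotLiveEnabled })
}

fn main() {
    // Constructed requests: (role, table, filter name).
    for (role, table, filter) in [
        (Role::Member, "announcement", "pinned"),
        (Role::Member, "order", "all"),
        (Role::Member, "audit_event", "all"),
    ] {
        println!("{role:?} {table}/{filter} -> {:?}", build_live_query(role, table, filter));
    }
}
```

The gate only helps if the database credentials that can run LIVE statements are held by the application and not by the clients it serves.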
