CVE-2024-58366
HIGH
NVD
CVSS Score
8.5
Severity
HIGH
Published
Jul 18, 2026
Vendor
unknown
Description
SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges.