CVE-2024-58368
HIGH
NVD
CVSS Score
7.5
Severity
HIGH
Published
Jul 18, 2026
Vendor
unknown
Description
SurrealDB versions before 1.1.0 fail to properly parse the ID, DB, and NS headers in HTTP REST API requests containing special characters. Unauthenticated attackers can send crafted HTTP requests with malformed header values to trigger an uncaught exception that crashes the server.