Stats Digest Feeds
โ† Back to all CVEs

CVE-2025-71393

UNKNOWN NVD
CVSS Score 0
Severity UNKNOWN
Published Jul 18, 2026
Vendor unknown

Description

SurrealDB before 2.2.2 with scripting enabled fails to properly enforce recursion limits when native functions contain embedded JavaScript that issues new queries. Authenticated attackers can bypass the recursion limit by chaining native and JavaScript function calls to trigger infinite recursion and exhaust server memory.

References