216.73.216.75

CVE-2024-58366

· Published 18/07/2026 16:17 · Author: The MITRE Corporation

Labels: CVE-2024-58366

Essential information

Published
18/07/2026 16:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.5 HIGH (v3.1) 9.0 CRITICAL (v4.0)
CISA KEV
No
CWE
CWE-134
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

CVSS metrics

Description

SurrealDB before 1.1.1 contains a format string vulnerability in the rquickjs Exception::throw_type function when scripting is enabled. Attackers with scripting privileges can supply format string sequences in error inputs to read arbitrary memory or execute code with SurrealDB process privileges.

NVD status

NVD
View on NVD