216.73.217.126

CVE-2023-54366

· Published 18/07/2026 16:17 · Author: The MITRE Corporation

Labels: CVE-2023-54366

Essential information

Published
18/07/2026 16:17
Modified
Author
The MITRE Corporation
Creator
The MITRE Corporation
CVSS
8.8 HIGH (v3.1) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CWE-276
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

SurrealDB before 1.0.1 sets default table permissions to FULL instead of NONE, allowing SELECT, CREATE, UPDATE, and DELETE operations on tables without explicit permissions. Attackers with database access or unauthenticated users on publicly exposed instances can perform unrestricted operations on unprotected tables within their authorization scope.

NVD status

NVD
View on NVD