How CVE-2026-49997 Works
SurrealDB allows records to be connected as a graph using a `RELATE` statement, which creates an edge record between two node records. To maintain graph consistency, SurrealDB features an automatic cleanup mechanism: when a node is deleted, the database automatically removes any edges connected to it.
The vulnerability stems from how this automatic edge removal (`Document::purge_edges`) was implemented. The function executed with permissions explicitly disabled (`opt.clone().with_perms(false)`). As a result, it completely bypassed the permission checks defined on the edge table itself.
This created a critical security gap. An attacker who had legitimate `DELETE` permission on a node could exploit this to:
– Delete any edge connected to that node, irrespective of the edge table’s `PERMISSIONS FOR delete` clause.
– Observe edge contents that should have been hidden by the edge table’s `PERMISSIONS FOR select` clause.
The core issue was that the permission context of the caller was not propagated to the edge cleanup process. The fix ensures that each edge `DELETE` operation is evaluated against the edge table’s permissions, matching a direct `DELETE` statement. Versions 3.1.0 and later contain the patch and are not affected.
DailyCVE Form
Platform: SurrealDB
Version: < 3.1.0
Vulnerability: Authorization Bypass
Severity: Medium
Date: 2026-07-01
Prediction: 2026-07-01 (Already Patched)
What Undercode Says: Analytics
The vulnerability exists in the `Document::purge_edges` function, which is called during node deletion. The critical code path is as follows:
```rust
// Vulnerable code pattern (conceptual)
fn delete_node(node_id: ID, ctx: Context, opt: Options) -> Result<(), &'static str> {
    // Authorize node deletion
    if !check_permissions(ctx, "node", "DELETE") {
        return Err("Permission denied");
    }
    // Delete the node
    delete_record(node_id);
    // Purge connected edges - PERMISSIONS DISABLED!
    Document::purge_edges(node_id, opt.clone().with_perms(false)); // <-- Vulnerability
    Ok(())
}
```

```rust
// Patched code pattern
fn delete_node(node_id: ID, ctx: Context, opt: Options) -> Result<(), &'static str> {
    if !check_permissions(ctx, "node", "DELETE") {
        return Err("Permission denied");
    }
    delete_record(node_id);
    // Purge connected edges - propagate the caller's permission context
    Document::purge_edges(node_id, opt.clone().with_perms(true)); // <-- Fix
    Ok(())
}
```
Exploit
An attacker can exploit this by:
1. Identifying a target node they have `DELETE` permission on.
2. Identifying connected edges they wish to delete or view, even if the edge table’s permissions would normally deny them access.
3. Executing a `DELETE` on the target node.
For example, consider the following SurrealQL statements:
```sql
-- Define tables
DEFINE TABLE user SCHEMAFULL;
DEFINE TABLE post SCHEMAFULL;
DEFINE TABLE authored_by SCHEMAFULL
    PERMISSIONS
        FOR select WHERE $auth.id = in.id OR $auth.role = "admin"
        FOR delete WHERE $auth.role = "admin";
```
If a non-admin user ($auth.role = "user") has `DELETE` permission on a `user` node, they could delete that user. The vulnerable `Document::purge_edges` would then delete all related `authored_by` edges, even though the edge table’s `PERMISSIONS FOR delete` clause should have prevented it.
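As an added example that is not SurrealDB's own code, the following Rust model ties the conceptual `purge_edges` pattern above to the `authored_by` scenario: with permissions disabled the purge removes edges the caller could never delete directly, while with them enabled each connected edge is checked against its table's `FOR delete` rule as a direct `DELETE` would be. All struct and function names, and the choice that a table with no rule denies record users, are assumptions.

```rust
// Added example, not SurrealDB's own code: an in-memory model of node deletion
// with automatic edge purge. Every name below is hypothetical.
use std::collections::HashMap;

pub struct Auth { pub id: String, pub role: String }
/// An edge record; `from`/`to` stand in for SurrealDB's `in`/`out`.
pub struct Edge { pub id: String, pub table: String, pub from: String, pub to: String }
/// A `PERMISSIONS FOR delete WHERE ...` rule on an edge table, modelled as a
/// predicate over the caller (`$auth`) and the candidate edge record.
pub type EdgeRule = fn(&Auth, &Edge) -> bool;

pub struct Graph {
    pub edges: Vec<Edge>,
    pub edge_rules: HashMap<String, EdgeRule>, // edge table name -> FOR delete rule
    pub node_rule: fn(&Auth, &str) -> bool,    // FOR delete rule on the node table
}
/// Ids of connected edges removed by a purge, and of those left in place.
#[derive(Debug, PartialEq)]
pub struct Purge { pub deleted: Vec<String>, pub retained: Vec<String> }
impl Graph {
    /// `with_perms == false` is the vulnerable pattern (edge rules bypassed); `true` is the fix.
    pub fn delete_node(&mut self, node: &str, auth: &Auth, with_perms: bool) -> Result<Purge, &'static str> {
        if !(self.node_rule)(auth, node) {
            return Err("permission denied on node");
        }
        let rules = &self.edge_rules;
        let (mut deleted, mut retained) = (Vec::new(), Vec::new());
        self.edges.retain(|e| {
            if e.from != node && e.to != node { return true; } // not connected: untouched
            // Assumption: a table with no rule denies record users (SurrealDB's NONE default).
            let allowed = !with_perms || rules.get(&e.table).map_or(false, |r| r(auth, e));
            if allowed { deleted.push(e.id.clone()) } else { retained.push(e.id.clone()) }
            !allowed
        });
        Ok(Purge { deleted, retained })
    }
}
/// The post's scenario as constructed sample data: `authored_by` edges are
/// deletable only by admins; a `user` node by its owner or an admin.
pub fn sample_graph() -> Graph {
    let mut edge_rules: HashMap<String, EdgeRule> = HashMap::new();
    edge_rules.insert("authored_by".into(), |auth, _| auth.role == "admin");
    let edge = |n: u32, post: &str, user: &str| Edge { id: format!("authored_by:{n}"),
        table: "authored_by".into(), from: post.into(), to: user.into() };
    Graph {
        edges: vec![edge(1, "post:1", "user:alice"), edge(2, "post:2", "user:bob")],
        edge_rules,
        node_rule: |auth, node| auth.role == "admin" || node == format!("user:{}", auth.id),
    }
}
```

Running `sample_graph().delete_node("user:alice", &alice, false)` removes `authored_by:1` although the edge rule admits only admins; with `true` that edge is retained and only an admin caller purges it.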
Protection
- Upgrade: The primary and most effective mitigation is to upgrade SurrealDB to version 3.1.0 or later.
- Restrict Node DELETE: Limit `DELETE` permission on nodes to only those principals fully trusted to delete all connected edge records.
- Isolation: Rely on namespace or database isolation as the primary boundary for multi-tenant separation, rather than depending solely on edge-level `PERMISSIONS`.
Impact
- Unauthorized Edge Deletion: An attacker can delete any edge connected to a node they have permission to delete, bypassing the edge table’s `DELETE` permissions.
- Information Disclosure: As a side effect of the deletion process, the attacker can observe the content of edges that should have been hidden by `SELECT` permissions.
- Limited Scope: The vulnerability does not allow deletion of nodes the attacker does not have `DELETE` permission on, nor does it allow crossing namespace or database boundaries, or privilege escalation.
Sources:
Reported By: github.com

