SurrealDB, Authorization Bypass, CVE-2026-49997 (Medium) -DC-Jul2026-804


How CVE-2026-49997 Works

SurrealDB allows records to be connected as a graph using a `RELATE` statement, which creates an edge record between two node records. To maintain graph consistency, SurrealDB features an automatic cleanup mechanism: when a node is deleted, the database automatically removes any edges connected to it.
The vulnerability stems from how this automatic edge removal (`Document::purge_edges`) was implemented: the function executed with permissions explicitly disabled (`opt.clone().with_perms(false)`), so it entirely bypassed the permission checks defined on the edge table itself.
This created a critical security gap. An attacker who had legitimate `DELETE` permission on a node could exploit this to:
– Delete any edge connected to that node, irrespective of the edge table’s `PERMISSIONS FOR delete` clause.
– Observe edge contents that should have been hidden by the edge table’s `PERMISSIONS FOR select` clause.
The core issue was that the permission context of the caller was not propagated to the edge cleanup process. The fix ensures that each edge `DELETE` operation is evaluated against the edge table’s permissions, matching a direct `DELETE` statement. Versions 3.1.0 and later contain the patch and are not affected.

DailyCVE Form

Platform: SurrealDB
Version: < 3.1.0
Vulnerability: Authorization Bypass
Severity: Medium
Date: 2026-07-01

Prediction: 2026-07-01 (Already Patched)

What Undercode Say: Analytics

The vulnerability exists in the `Document::purge_edges` function, which is called during node deletion. The critical code path is as follows:

// Vulnerable code pattern (conceptual; not SurrealDB's actual source)
fn delete_node(node_id: ID, ctx: &Context, opt: &Options) -> Result<(), &'static str> {
    // Authorize deletion of the node itself
    if !check_permissions(ctx, "node", "DELETE") {
        return Err("Permission denied");
    }
    // Delete the node
    delete_record(node_id);
    // Purge connected edges - PERMISSIONS DISABLED, so the edge table's
    // PERMISSIONS FOR delete clause is never evaluated
    Document::purge_edges(node_id, opt.clone().with_perms(false)); // <-- Vulnerability
    Ok(())
}

// Patched code pattern (conceptual)
fn delete_node(node_id: ID, ctx: &Context, opt: &Options) -> Result<(), &'static str> {
    if !check_permissions(ctx, "node", "DELETE") {
        return Err("Permission denied");
    }
    delete_record(node_id);
    // Purge connected edges with the caller's permission context kept,
    // so each edge delete is checked exactly like a direct DELETE statement
    Document::purge_edges(node_id, opt.clone().with_perms(true)); // <-- Fix
    Ok(())
}
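To make the difference between the two code paths concrete, here is an added in-memory model (not SurrealDB's code) of node deletion with edge cleanup, where `with_perms=False` reproduces the pre-3.1.0 purge and `with_perms=True` the patched one. The `authored_by` delete rule mirrors the page's table definition; the `user` delete rule, the record ids, roles and edges are constructed, and the patched path assumes a denied record `DELETE` is skipped rather than raising.

```python
# Added example, not SurrealDB's code: an in-memory model of node deletion with
# edge cleanup, contrasting the pre-3.1.0 purge (permissions disabled) with the
# patched purge that checks the edge table's PERMISSIONS FOR delete per edge.
# Rules mirror the page's authored_by definition; ids/roles are constructed.
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Auth:      # stands in for $auth
    id: str      # record id such as "user:alice"
    role: str    # "user" or "admin"


@dataclass(frozen=True)
class Edge:      # created by RELATE in->authored_by->out
    id: str
    in_: str
    out: str


# Table permission clauses as predicates.
#   authored_by: FOR delete WHERE $auth.role = "admin"  (from the page)
#   user: constructed rule, a user may delete only their own record
EDGE_DELETE = lambda auth, e: auth.role == "admin"
NODE_DELETE = lambda auth, rec: auth.role == "admin" or auth.id == rec


@dataclass
class Store:
    edges: dict = field(default_factory=dict)   # edge id -> Edge

    def purge_edges(self, node_id, auth, with_perms):
        """Remove edges touching node_id and return what was removed.
        with_perms=False is the vulnerable path (opt.with_perms(false)): every
        edge is deleted and its content returned to the caller, whatever the
        edge table permits. with_perms=True is the patched path: each edge is
        checked like a direct DELETE; a denied edge is left in place
        (assumption: a denied record DELETE is skipped rather than raising)."""
        removed = []
        for eid, e in list(self.edges.items()):
            if node_id in (e.in_, e.out) and (not with_perms or EDGE_DELETE(auth, e)):
                removed.append(self.edges.pop(eid))
        return removed

    def delete_node(self, node_id, auth, with_perms=True):
        """DELETE a user node as `auth`, then purge its connected edges."""
        if not NODE_DELETE(auth, node_id):
            raise PermissionError(f"DELETE denied on {node_id}")
        return self.purge_edges(node_id, auth, with_perms)
```

With a non-admin caller, the vulnerable path removes and returns every edge attached to the deleted node, while the patched path removes none of them because the edge table's delete clause requires the admin role.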

Exploit

An attacker can exploit this by:

  1. Identifying a target node they have `DELETE` permission on.
  2. Identifying connected edges they wish to delete or view, even if the edge table’s permissions would normally deny them access.
  3. Executing a `DELETE` on the target node.

For example, consider the following SurrealQL statements:

-- Define tables
DEFINE TABLE user SCHEMAFULL;
DEFINE TABLE post SCHEMAFULL;
DEFINE TABLE authored_by SCHEMAFULL
  PERMISSIONS
    FOR select WHERE $auth.id = in.id OR $auth.role = "admin",
    FOR delete WHERE $auth.role = "admin";

If a non-admin user (`$auth.role = "user"`) has `DELETE` permission on a `user` node, they could delete that user. The vulnerable `Document::purge_edges` would then delete all related `authored_by` edges, even though the edge table’s `PERMISSIONS FOR delete` clause should have prevented it.

Protection

  • Upgrade: The primary and most effective mitigation is to upgrade SurrealDB to version 3.1.0 or later.
  • Restrict Node DELETE: Limit `DELETE` permission on nodes to only those principals fully trusted to delete all connected edge records.
  • Isolation: Rely on namespace or database isolation as the primary boundary for multi-tenant separation, rather than depending solely on edge-level `PERMISSIONS`.

Impact

  • Unauthorized Edge Deletion: An attacker can delete any edge connected to a node they have permission to delete, bypassing the edge table’s `DELETE` permissions.
  • Information Disclosure: As a side effect of the deletion process, the attacker can observe the content of edges that should have been hidden by `SELECT` permissions.
  • Limited Scope: The vulnerability does not allow deletion of nodes the attacker does not have `DELETE` permission on, nor does it allow crossing namespace or database boundaries, or privilege escalation.

Sources:

Reported By: github.com
Extra Source Hub:
Undercode