Product
high
advisory
ArcadeDB IMPORT DATABASE Allows SSRF and Arbitrary Local File Read
2 rules 3 TTPsAuthenticated users can exploit an unvalidated `IMPORT DATABASE` function in ArcadeDB (CVE-2026-54077) to perform Server-Side Request Forgery (CWE-918) against cloud metadata endpoints and internal services, or achieve arbitrary local file read (CWE-22) via `file://` paths, exposing sensitive data.
arcadedb-engine
arcadedb
ssrf
file-read
cve
database
2r
3t
critical
advisory
ArcadeDB Authorization Bypass Vulnerability
2 rules 2 TTPs 1 CVEArcadeDB versions prior to 26.4.2 are vulnerable to an authorization bypass, allowing authenticated users and API tokens scoped to a specific database to read, write, and mutate schema on any other database on the same server, and disabling the record-level authorization system for newly created databases.
arcadedb-server +2
authorization bypass
privilege escalation
cve-2026-44221
2r
2t
1c
updated