Product
An unauthenticated remote code execution vulnerability exists in SurrealDB's RPC API, affecting versions prior to 1.5.5 and 2.0.0-beta prior to 2.0.0-beta.3, allowing attackers to inject a specially crafted binary object containing a subquery during signin or signup operations, leading to execution with editor-level privileges and manipulation of non-IAM database resources.