{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/surrealdb-before-1.0.1/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2023-54366"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["SurrealDB (before 1.0.1)"],"_cs_severities":["high"],"_cs_tags":["misconfiguration","database","vulnerability","data-exfiltration"],"_cs_type":"advisory","_cs_vendors":["SurrealDB"],"content_html":"\u003cp\u003eCVE-2023-54366 details a critical vulnerability in SurrealDB versions prior to 1.0.1 where the default table permissions are configured to FULL instead of NONE. This misconfiguration allows unauthenticated users or those with existing database access on publicly exposed instances to bypass intended access controls. Attackers can perform a wide range of operations including SELECT, CREATE, UPDATE, and DELETE on any table within their authorization scope that does not have explicit permission settings. This flaw presents a significant risk to data confidentiality, integrity, and availability, potentially leading to unauthorized data exposure, manipulation, or complete deletion. Organizations using affected SurrealDB instances are strongly advised to patch immediately to prevent exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a publicly exposed SurrealDB instance lacking proper network access controls or gains initial unauthorized access to a SurrealDB database.\u003c/li\u003e\n\u003cli\u003eAttacker initiates a connection to the vulnerable SurrealDB instance.\u003c/li\u003e\n\u003cli\u003eAttacker queries the database for existing tables and their schema.\u003c/li\u003e\n\u003cli\u003eThe vulnerability (CVE-2023-54366) allows default permissions to be \u0026quot;FULL\u0026quot; for tables lacking explicit \u0026quot;NONE\u0026quot; settings.\u003c/li\u003e\n\u003cli\u003eAttacker exploits these default permissions to perform unauthorized \u003ccode\u003eSELECT\u003c/code\u003e operations on sensitive tables, leading to data exfiltration.\u003c/li\u003e\n\u003cli\u003eAttacker further utilizes \u003ccode\u003eCREATE\u003c/code\u003e, \u003ccode\u003eUPDATE\u003c/code\u003e, or \u003ccode\u003eDELETE\u003c/code\u003e operations on tables to manipulate or destroy data within the database.\u003c/li\u003e\n\u003cli\u003eThe attack culminates in unauthorized data access, modification, or deletion, compromising the integrity and confidentiality of the data.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2023-54366 can lead to severe consequences, primarily affecting data confidentiality, integrity, and availability. Attackers can read sensitive information from any unprotected table, resulting in data breaches and regulatory non-compliance. They can also create, modify, or delete existing data, leading to data corruption, financial fraud, or service disruption. The impact is especially critical for publicly exposed instances, where unauthenticated attackers could perform these operations, affecting potentially all data stored in misconfigured tables. The extent of damage depends on the sensitivity of the data and the attacker's objectives.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch SurrealDB to version 1.0.1 or later to address CVE-2023-54366 immediately.\u003c/li\u003e\n\u003cli\u003eReview all SurrealDB table definitions and explicitly set permissions for sensitive tables to \u003ccode\u003eNONE\u003c/code\u003e for unauthenticated or untrusted users, or as required by your security policy.\u003c/li\u003e\n\u003cli\u003eRestrict network access to SurrealDB instances, ensuring they are not publicly exposed unless absolutely necessary, and only accessible from trusted IP ranges.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-18T14:19:32Z","date_published":"2026-07-18T14:19:32Z","id":"https://feed.craftedsignal.io/briefs/2026-07-surrealdb-default-permissions/","summary":"SurrealDB versions prior to 1.0.1 are vulnerable due to default table permissions being set to FULL instead of NONE, allowing attackers with existing database access or unauthenticated users on publicly exposed instances to perform unrestricted SELECT, CREATE, UPDATE, and DELETE operations on tables that lack explicit permission settings, leading to unauthorized data access, modification, or deletion.","title":"SurrealDB Default Permissions Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-07-surrealdb-default-permissions/"}],"language":"en","title":"CraftedSignal Threat Feed - SurrealDB (Before 1.0.1)","version":"https://jsonfeed.org/version/1.1"}