EUVD-2026-4131

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions...

GHSA-3V2X-9XCV-2V2V SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Unprivileged users for example, those with the database editor role can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who...