GHSA-3V2X-9XCV-2V2V
Vulnerability from github – Published: 2026-01-22 18:06 – Updated: 2026-01-23 16:05Unprivileged users (for example, those with the database editor role) can create or modify fields in records that contain functions or futures. Futures are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who originally defined the future. Likewise, fields containing functions or custom-defined logic (closures) are executed under the privileges of the invoking user, not the creator.
This results in a confused deputy vulnerability: an attacker with limited privileges can define a malicious function or future field that performs privileged actions. When a higher-privileged user (such as a root owner or namespace administrator) executes the function or queries or modifies that record, the function executes with their elevated permissions.
Impact
An attacker who can create or update function/future fields can plant logic that executes with a privileged user’s context. If a privileged user performs a write that touches the malicious field, the attacker can achieve full privilege escalation (e.g., create a root owner and take over the server).
If a privileged user performs a read action on the malicious field, this attack vector could still be potentially be used to perform limited denial of service or, in the specific case where the network capability was explicitly enabled and unrestricted, exfiltrate database information over the network.
Patches
Versions prior to 2.5.0 and 3.0.0-beta.3 are vulnerable.
For SurrealDB 3.0, futures are no longer supported, replaced by computed fields, only available within schemaful tables.
Further to this patches for 2.5.0 and 3.0.0-beta.3:
- Implements an auth_limit on defined apis, functions, fields and events, that limits execution to the permissions of the creating user instead of the invoking user.
- Prevents closures from being stored, that eliminates a potential attack surface. For 2.5.0 this can still be allowed by using the insecure_storable_closures capability
- Ensures the proper auth level is used to compute expressions in signin & signup
For existing functions defined prior to upgrading to 2.5.0 or 3.0.0-beta.3 auth_limit will not apply, to avoid breaking changes. Functions will need to subsequently be redefined so that auth_limit can take effect.
Workarounds
Users unable to patch are advised to evaluate their use of the database to identify where low privileged users are able to define logic subsequently executed by privileged users, such as apis, functions, futures fields and events, and recommended to minimise these instances.
References
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "surrealdb"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.5.0"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "crates.io",
"name": "surrealdb"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0-alpha.1"
},
{
"fixed": "3.0.0-beta.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-441"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-22T18:06:15Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "Unprivileged users (for example, those with the database editor role) can create or modify fields in records that contain functions or `futures`. `Futures` are values which are only computed when the value is queried. The query executes in the context of the querying user, rather than the user who originally defined the future. Likewise, fields containing functions or custom-defined logic (`closures`) are executed under the privileges of the invoking user, not the creator.\n\nThis results in a confused deputy vulnerability: an attacker with limited privileges can define a malicious function or future field that performs privileged actions. When a higher-privileged user (such as a root owner or namespace administrator) executes the function or queries or modifies that record, the function executes with their elevated permissions. \n\n### Impact\nAn attacker who can create or update function/future fields can plant logic that executes with a privileged user\u2019s context. If a privileged user performs a write that touches the malicious field, the attacker can achieve full privilege escalation (e.g., create a root owner and take over the server). \n\nIf a privileged user performs a read action on the malicious field, this attack vector could still be potentially be used to perform limited denial of service or, in the specific case where the network capability was explicitly enabled and unrestricted, exfiltrate database information over the network.\n\n### Patches\n\nVersions prior to 2.5.0 and 3.0.0-beta.3 are vulnerable.\n\nFor SurrealDB 3.0, `futures` are no longer supported, replaced by `computed` fields, only available within schemaful tables. \n\nFurther to this patches for 2.5.0 and 3.0.0-beta.3: \n- Implements an `auth_limit` on defined apis, functions, fields and events, that limits execution to the permissions of the creating user instead of the invoking user.\n- Prevents `closures` from being stored, that eliminates a potential attack surface. For 2.5.0 this can still be allowed by using the `insecure_storable_closures` capability\n- Ensures the proper auth level is used to compute expressions in signin \u0026 signup\n\nFor existing functions defined prior to upgrading to 2.5.0 or 3.0.0-beta.3 `auth_limit` will not apply, to avoid breaking changes. Functions will need to subsequently be redefined so that `auth_limit` can take effect.\n\n### Workarounds\nUsers unable to patch are advised to evaluate their use of the database to identify where low privileged users are able to define logic subsequently executed by privileged users, such as apis, functions, futures fields and events, and recommended to minimise these instances.\n\n### References\n[Futures](https://surrealdb.com/docs/surrealql/datamodel/futures)\n[Closures](https://surrealdb.com/docs/surrealql/datamodel/closures)\n[SurrealDB Environment Variables](https://surrealdb.com/docs/surrealdb/cli/env)",
"id": "GHSA-3v2x-9xcv-2v2v",
"modified": "2026-01-23T16:05:55Z",
"published": "2026-01-22T18:06:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/security/advisories/GHSA-3v2x-9xcv-2v2v"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/commit/f515c91363ee735aa1bc08580d9e7fa0de6e736f"
},
{
"type": "PACKAGE",
"url": "https://github.com/surrealdb/surrealdb"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/releases/tag/v2.5.0"
},
{
"type": "WEB",
"url": "https://github.com/surrealdb/surrealdb/releases/tag/v3.0.0-beta.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions"
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.