SurrealDB HTTP Redirect Vulnerability Allowing Server-Side Request Forgery

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in SurrealDB versions prior to 2.2.2. The issue arises because the database fails to properly validate HTTP redirects in its HTTP functions. This flaw enables authenticated users to circumvent deny-net restrictions by redirecting to blocked IP addresses. Attackers can exploit this by hosting a public server that redirects to denied network targets, thereby accessing internal endpoints and potentially retrieving sensitive information.

Impact

Exploitation of this vulnerability allows for the bypass of deny-net restrictions, enabling access to internal endpoints that could be exploited to retrieve or alter sensitive information. Additionally, if redirected traffic reaches the SurrealDB port, it could disrupt availability.

Remediation

Users can update to SurrealDB versions 2.2.2, 2.1.5, or 2.0.5 to address this vulnerability. For those unable to update, the deny-net capability can be used to block access to internal and private IP addresses, or an allowlist approach can be adopted by specifying trusted endpoints.

Added: Jul 18, 2026, 2:25 PM
Updated: Jul 18, 2026, 2:25 PM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
0.6
exploitability
4.7
remediation
0.0
relevance
10.0
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.