SurrealDB: Authenticated path traversal in the analyzer mapper filter
A logged-in database user with the EDITOR or OWNER role can read arbitrary server files through an analyzer mapper filter and recover the instance root credentials.
Advisory ID: TP-2026-027
Product: SurrealDB (multi-model database)
Vulnerability type: Authenticated path traversal / arbitrary file read (CWE-22)
CVE: not requested
CVSS 3.1: 7.7 (High) · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected versions: < 3.1.5
Fixed in: 3.1.5
Vendor advisory: GHSA-cc8f-fcx3-gpjr
Reported: 11 June 2026
Summary
SurrealDB is a multi-model database. The statement DEFINE ANALYZER ... FILTERS mapper('<path>') opens the given filesystem path at definition time. The only check is the database permission to edit analyzers; a capability check for the file access is missing. Because the path allowlist is empty by default, and an empty allowlist permits any path, a non-root user with the EDITOR or OWNER role can read any file readable by the server process. turingpoint verified the flow and reported it responsibly; the vendor fixed it in 3.1.5.
Root cause
Mapper::new opens the attacker-supplied path with tokio::fs::File::open, reached through mappers().load (surrealdb/core/src/expr/statements/define/analyzer.rs:111 into surrealdb/core/src/idx/ft/analyzer/mapper.rs:27). The only authorization is ctx.is_allowed(opt, Action::Edit, ResourceKind::Analyzer, Base::Db) (analyzer.rs:89), held by any EDITOR or OWNER role, while no capability check guards the file open. The path containment check_is_path_allowed returns the path unchecked when the allowlist is empty (surrealdb/core/src/iam/file.rs:14), and file_allowlist defaults to an empty Vec (surrealdb/core/src/cnf/mod.rs:325). The line parser then bails and embeds the raw file line verbatim into the AnalyzerError result (mapper.rs:43), so file bytes flow back to the caller. This hits the single fail-open path in iam/, while all network, function and scripting capabilities fail closed.
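The three defects named above (an allowlist that fails open when empty, no file-access capability check beside the analyzer-edit permission, and a parse error that echoes file bytes) can each be closed with a few lines. The following is an added illustration, not SurrealDB's own code or its fix in 3.1.5; the names Caller, authorize_mapper_path and parse_mapping_line, and the word<TAB>lemma mapping format, are assumptions made for the example.

```rust
// Added illustration (not SurrealDB's own code): a fail-closed path allowlist,
// an explicit file-access capability check next to the analyzer-edit
// permission, and a parse error that reports a line number instead of file
// content. Caller, authorize_mapper_path, parse_mapping_line and the
// word<TAB>lemma mapping format are assumptions for this example.
use std::path::{Component, Path, PathBuf};

/// Lexically normalise an absolute path without touching the filesystem:
/// relative paths and any `..` component are refused, `.` is dropped.
fn normalize(path: &str) -> Option<PathBuf> {
    let p = Path::new(path);
    if !p.is_absolute() {
        return None;
    }
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::RootDir => out.push("/"),
            Component::Normal(s) => out.push(s),
            Component::CurDir => {}
            // `..` could climb out of an allowed directory; refuse it outright
            Component::ParentDir | Component::Prefix(_) => return None,
        }
    }
    Some(out)
}

/// Fail-open check mirroring the behaviour the advisory describes:
/// an empty allowlist lets every path through.
pub fn check_path_fail_open(allowlist: &[&str], path: &str) -> bool {
    allowlist.is_empty() || check_path_fail_closed(allowlist, path)
}

/// Fail-closed check: an empty allowlist permits nothing, and a path passes
/// only when its normalised form sits under one allowed directory
/// (component-wise, so `/opt/mappers` does not cover `/opt/mappers2`).
pub fn check_path_fail_closed(allowlist: &[&str], path: &str) -> bool {
    let norm = match normalize(path) {
        Some(p) => p,
        None => return false,
    };
    allowlist
        .iter()
        .filter_map(|dir| normalize(dir))
        .any(|dir| norm.starts_with(&dir))
}

/// What the server knows about the caller of DEFINE ANALYZER.
pub struct Caller {
    pub can_edit_analyzer: bool,   // database-level Edit on Analyzer resources
    pub has_file_capability: bool, // instance-level file-access capability
}

/// Both checks must pass before the path is ever opened; the role-based
/// permission alone is not enough to touch the server's filesystem.
pub fn authorize_mapper_path(
    caller: &Caller,
    allowlist: &[&str],
    path: &str,
) -> Result<PathBuf, &'static str> {
    if !caller.can_edit_analyzer {
        return Err("caller may not define analyzers");
    }
    if !caller.has_file_capability {
        return Err("file access capability not granted to caller");
    }
    if !check_path_fail_closed(allowlist, path) {
        return Err("mapper path is outside the file allowlist");
    }
    Ok(normalize(path).expect("checked above"))
}

/// Parse one `word<TAB>lemma` mapping line. On a malformed line the error
/// names the line number only, so file content never reaches the caller.
pub fn parse_mapping_line(line_no: usize, line: &str) -> Result<(String, String), String> {
    match line.split_once('\t') {
        Some((word, lemma)) if !word.is_empty() && !lemma.is_empty() => {
            Ok((word.to_string(), lemma.to_string()))
        }
        _ => Err(format!("mapper file: malformed mapping at line {line_no}")),
    }
}
```

The normalisation is purely lexical so the check runs before any filesystem call; a deployment that also needs symlink resolution would canonicalise the path after this check and re-verify the result against the allowlist.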
Proof of Concept
Signed in as a database user with the EDITOR role (no root):
DEFINE ANALYZER leak FILTERS mapper('/proc/self/cmdline');
-> the error response carries the raw file line, e.g. "--user root --pass root"
(instance root credentials); /etc/passwd is readable the same way
The file content is returned embedded in the error result because the path check fails open on an empty allowlist and no capability check restrains the access.
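On unpatched instances, the statement shape above is also the thing to hunt for in query audit logs. The following added example, not SurrealDB's code or tooling, scans audit lines for DEFINE ANALYZER statements whose mapper() path lies outside the directory where mapper files are expected; the log line format ("<ts> user=<u> role=<r> stmt=<statement>"), the function names and the sample lines are constructed for the example.

```rust
// Added example (not SurrealDB's code): a defender-side scan of query audit
// lines for DEFINE ANALYZER statements whose mapper() path points outside the
// directory where mapper files are expected to live. The log line format
// ("<ts> user=<u> role=<r> stmt=<statement>") and the sample lines below are
// constructed for this example.
use std::path::Path;

pub struct Finding {
    pub line_no: usize,
    pub user: String,
    pub path: String,
}

/// Pull the quoted argument of mapper('...') out of a DEFINE ANALYZER statement.
/// Matching is case-insensitive; ASCII lower-casing keeps byte offsets stable.
fn extract_mapper_path(stmt: &str) -> Option<String> {
    let lower = stmt.to_ascii_lowercase();
    if !lower.contains("define analyzer") {
        return None;
    }
    let start = lower.find("mapper(")? + "mapper(".len();
    let rest = stmt[start..].trim_start();
    let quote = rest.chars().next()?;
    if quote != '\'' && quote != '"' {
        return None;
    }
    let body = &rest[1..];
    let end = body.find(quote)?;
    Some(body[..end].to_string())
}

/// Report every mapper path that is not lexically inside `expected_dir`
/// or that tries to climb with `..`.
pub fn scan_log(log: &str, expected_dir: &str) -> Vec<Finding> {
    log.lines()
        .enumerate()
        .filter_map(|(i, line)| {
            let (meta, stmt) = line.split_once(" stmt=")?;
            let user = meta
                .split_whitespace()
                .find_map(|f| f.strip_prefix("user="))
                .unwrap_or("?")
                .to_string();
            let path = extract_mapper_path(stmt)?;
            let suspicious =
                path.contains("..") || !Path::new(&path).starts_with(expected_dir);
            suspicious.then(|| Finding { line_no: i + 1, user, path })
        })
        .collect()
}

/// Constructed sample: two benign statements and one that reads a server file.
pub const SAMPLE_LOG: &str = "\
2026-06-11T10:00:01Z user=alice role=EDITOR stmt=DEFINE ANALYZER en FILTERS mapper('/opt/surreal/mappers/en.txt');
2026-06-11T10:00:05Z user=bob role=EDITOR stmt=SELECT * FROM person;
2026-06-11T10:01:12Z user=mallory role=EDITOR stmt=DEFINE ANALYZER leak FILTERS mapper('/proc/self/cmdline');";

fn main() {
    for f in scan_log(SAMPLE_LOG, "/opt/surreal/mappers") {
        println!("line {}: user {} loaded mapper from {}", f.line_no, f.user, f.path);
    }
}
```

Run against the sample, only the third line is reported. Paired with the error-response check in the summary (a mapper error whose message carries a line of a server file), this gives a simple indicator of a read attempt on a version before 3.1.5.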
Impact
- Reads any file readable by the server process (for example /etc/passwd, /proc/self/cmdline).
- Recovers the instance root credentials from /proc/self/cmdline and thereby fully takes over the database.
- Breaks the database isolation that SurrealDB documents.
Is Something Like This in Your Software?
Our team found this vulnerability in the course of its work. Have your applications tested by the same specialists, with a penetration test from turingpoint.
