A vulnerability identified as critical has been detected in SurrealDB up to 3.0.x. Affected by this issue is the function purge_edges of the file surrealdb/core/src/doc/delete.rs of the component Edge Deletion. The manipulation of the argument perms leads to permission issues.

This vulnerability is referenced as CVE-2026-49997. Remote exploitation of the attack is possible. No exploit is available.