A vulnerability identified as critical has been detected in SurrealDB up to 3.0.x. Affected by this issue is the function
purge_edges of the file surrealdb/core/src/doc/delete.rs of the component Edge Deletion. The manipulation of the argument perms leads to permission issues.
This vulnerability is referenced as CVE-2026-49997. Remote exploitation of the attack is possible. No exploit is available.