Search criteria
6 vulnerabilities found for Community Edition by neo4j
CVE-2026-1337 (GCVE-0-2026-1337)
Vulnerability from nvd – Published: 2026-02-06 13:13 – Updated: 2026-02-06 14:30
VLAI?
Title
Insufficient escaping of unicode characters in query log
Summary
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.
Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
0 , < 2026.01.0
(date)
|
|||||||
|
|||||||||
Credits
Joakim Bülow
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T14:29:47.736732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T14:30:29.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/neo4j",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.neo4j/neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joakim B\u00fclow"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\u003cbr\u003e\u003cbr\u003eProof of concept exploit:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/JoakimBulow/CVE-2026-1337\"\u003ehttps://github.com/JoakimBulow/CVE-2026-1337\u003c/a\u003e"
}
],
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\n\nProof of concept exploit:\u00a0 https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:13:19.230Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficient escaping of unicode characters in query log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1337",
"datePublished": "2026-02-06T13:13:19.230Z",
"dateReserved": "2026-01-22T13:14:55.461Z",
"dateUpdated": "2026-02-06T14:30:29.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1622 (GCVE-0-2026-1622)
Vulnerability from nvd – Published: 2026-02-04 09:14 – Updated: 2026-02-04 15:12
VLAI?
Title
Unredacted data exposure in query.log
Summary
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.
The "obfuscate_literals" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.
We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
2025.01 , < 2026.01.3
(date)
Affected: 5.0 , < 5.26.21 (semver) Affected: 4.4 , < 4.4.48 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T15:12:30.488399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T15:12:37.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.3",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.21",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.48",
"status": "affected",
"version": "4.4",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/",
"defaultStatus": "unaffected",
"packageName": "neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.3",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.21",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.48",
"status": "affected",
"version": "4.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only applicable if\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u0026nbsp;\u003c/code\u003eis enabled"
}
],
"value": "Only applicable if\u00a0db.logs.query.obfuscate_literals\u00a0is enabled"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.3",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.48",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.3",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.48",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNeo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe \"obfuscate_literals\" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.\u003c/p\u003e\u003cp\u003eWe recommend\u0026nbsp;upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u003c/code\u003e\u0026nbsp;enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_errors\u0026nbsp;\u003c/code\u003eonce you have upgraded Neo4j.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.\n\n\nThe \"obfuscate_literals\" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.\n\nWe recommend\u00a0upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had\u00a0db.logs.query.obfuscate_literals\u00a0enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting\u00a0db.logs.query.obfuscate_errors\u00a0once you have upgraded Neo4j."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T10:02:57.648Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1622"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had \u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u003c/code\u003e\u0026nbsp;enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting \u003ccode\u003edb.logs.query.obfuscate_errors \u003c/code\u003eonce you have upgraded Neo4j.\u003cbr\u003e"
}
],
"value": "We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had \u00a0db.logs.query.obfuscate_literals\u00a0enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unredacted data exposure in query.log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1622",
"datePublished": "2026-02-04T09:14:46.320Z",
"dateReserved": "2026-01-29T14:23:26.871Z",
"dateUpdated": "2026-02-04T15:12:37.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11602 (GCVE-0-2025-11602)
Vulnerability from nvd – Published: 2025-10-31 10:20 – Updated: 2025-10-31 11:37
VLAI?
Title
Untargeted information leak in Bolt protocol handshake
Summary
Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
Severity ?
CWE
- CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
5.26.0 , < 5.26.15
(semver)
Affected: 2025.1.0 , < 2025.10.1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T11:36:06.456339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T11:37:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.15",
"status": "affected",
"version": "5.26.0",
"versionType": "semver"
},
{
"lessThan": "2025.10.1",
"status": "affected",
"version": "2025.1.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/",
"defaultStatus": "unaffected",
"packageName": "neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.15",
"status": "affected",
"version": "5.26.0",
"versionType": "semver"
},
{
"lessThan": "2025.10.1",
"status": "affected",
"version": "2025.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.15",
"versionStartIncluding": "5.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025.10.1",
"versionStartIncluding": "2025.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.15",
"versionStartIncluding": "5.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025.10.1",
"versionStartIncluding": "2025.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T10:20:17.254Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/cve-2025-11602"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Untargeted information leak in Bolt protocol handshake",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2025-11602",
"datePublished": "2025-10-31T10:20:17.254Z",
"dateReserved": "2025-10-10T12:54:22.071Z",
"dateUpdated": "2025-10-31T11:37:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1337 (GCVE-0-2026-1337)
Vulnerability from cvelistv5 – Published: 2026-02-06 13:13 – Updated: 2026-02-06 14:30
VLAI?
Title
Insufficient escaping of unicode characters in query log
Summary
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.
Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity ?
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
0 , < 2026.01.0
(date)
|
|||||||
|
|||||||||
Credits
Joakim Bülow
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T14:29:47.736732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T14:30:29.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/neo4j",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.neo4j/neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joakim B\u00fclow"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\u003cbr\u003e\u003cbr\u003eProof of concept exploit:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/JoakimBulow/CVE-2026-1337\"\u003ehttps://github.com/JoakimBulow/CVE-2026-1337\u003c/a\u003e"
}
],
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\n\nProof of concept exploit:\u00a0 https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:13:19.230Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficient escaping of unicode characters in query log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1337",
"datePublished": "2026-02-06T13:13:19.230Z",
"dateReserved": "2026-01-22T13:14:55.461Z",
"dateUpdated": "2026-02-06T14:30:29.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1622 (GCVE-0-2026-1622)
Vulnerability from cvelistv5 – Published: 2026-02-04 09:14 – Updated: 2026-02-04 15:12
VLAI?
Title
Unredacted data exposure in query.log
Summary
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.
The "obfuscate_literals" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.
We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had db.logs.query.obfuscate_literals enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j.
Severity ?
CWE
- CWE-532 - Insertion of Sensitive Information into Log File
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
2025.01 , < 2026.01.3
(date)
Affected: 5.0 , < 5.26.21 (semver) Affected: 4.4 , < 4.4.48 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1622",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-04T15:12:30.488399Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T15:12:37.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.3",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.21",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.48",
"status": "affected",
"version": "4.4",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/",
"defaultStatus": "unaffected",
"packageName": "neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.3",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.21",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "4.4.48",
"status": "affected",
"version": "4.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only applicable if\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u0026nbsp;\u003c/code\u003eis enabled"
}
],
"value": "Only applicable if\u00a0db.logs.query.obfuscate_literals\u00a0is enabled"
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.3",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.48",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.3",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.21",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.48",
"versionStartIncluding": "4.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eNeo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.\u003c/span\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThe \"obfuscate_literals\" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.\u003c/p\u003e\u003cp\u003eWe recommend\u0026nbsp;upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u003c/code\u003e\u0026nbsp;enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting\u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_errors\u0026nbsp;\u003c/code\u003eonce you have upgraded Neo4j.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files.\n\n\nThe \"obfuscate_literals\" option in the query logs does not redact error information, exposing unredacted data in the query log when a customer writes a query that fails. It can allow a user with legitimate access to the local log files to obtain information they are not authorised to see. If this user is also in a position to run queries and trigger errors, this vulnerability can potentially help them to infer information they are not authorised to see through their intended database access.\n\nWe recommend\u00a0upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had\u00a0db.logs.query.obfuscate_literals\u00a0enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting\u00a0db.logs.query.obfuscate_errors\u00a0once you have upgraded Neo4j."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-532",
"description": "CWE-532 Insertion of Sensitive Information into Log File",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-04T10:02:57.648Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1622"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had \u0026nbsp;\u003ccode\u003edb.logs.query.obfuscate_literals\u003c/code\u003e\u0026nbsp;enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting \u003ccode\u003edb.logs.query.obfuscate_errors \u003c/code\u003eonce you have upgraded Neo4j.\u003cbr\u003e"
}
],
"value": "We recommend upgrading to versions 2026.01.3 (or 5.26.21) where the issue is fixed, and reviewing query log files permissions to ensure restricted access. If your configuration had \u00a0db.logs.query.obfuscate_literals\u00a0enabled, and you wish the obfuscation to cover the error messages as well, you need to enable the new configuration setting db.logs.query.obfuscate_errors once you have upgraded Neo4j."
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Unredacted data exposure in query.log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1622",
"datePublished": "2026-02-04T09:14:46.320Z",
"dateReserved": "2026-01-29T14:23:26.871Z",
"dateUpdated": "2026-02-04T15:12:37.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-11602 (GCVE-0-2025-11602)
Vulnerability from cvelistv5 – Published: 2025-10-31 10:20 – Updated: 2025-10-31 11:37
VLAI?
Title
Untargeted information leak in Bolt protocol handshake
Summary
Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
Severity ?
CWE
- CWE-226 - Sensitive Information in Resource Not Removed Before Reuse
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
5.26.0 , < 5.26.15
(semver)
Affected: 2025.1.0 , < 2025.10.1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-11602",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-31T11:36:06.456339Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T11:37:44.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.15",
"status": "affected",
"version": "5.26.0",
"versionType": "semver"
},
{
"lessThan": "2025.10.1",
"status": "affected",
"version": "2025.1.0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/",
"defaultStatus": "unaffected",
"packageName": "neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.15",
"status": "affected",
"version": "5.26.0",
"versionType": "semver"
},
{
"lessThan": "2025.10.1",
"status": "affected",
"version": "2025.1.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.15",
"versionStartIncluding": "5.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025.10.1",
"versionStartIncluding": "2025.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.15",
"versionStartIncluding": "5.26.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:community_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2025.10.1",
"versionStartIncluding": "2025.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses."
}
],
"impacts": [
{
"capecId": "CAPEC-410",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-410 Information Elicitation"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/V:D/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-226",
"description": "CWE-226: Sensitive Information in Resource Not Removed Before Reuse",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-31T10:20:17.254Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/cve-2025-11602"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Untargeted information leak in Bolt protocol handshake",
"x_generator": {
"engine": "Vulnogram 0.4.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2025-11602",
"datePublished": "2025-10-31T10:20:17.254Z",
"dateReserved": "2025-10-10T12:54:22.071Z",
"dateUpdated": "2025-10-31T11:37:44.777Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}