Search
Find a vulnerability
Search criteria
16 vulnerabilities found for Neo4j by Neo4j
CVE-2026-1524 (GCVE-0-2026-1524)
Vulnerability from nvd – Published: 2026-03-11 16:16 – Updated: 2026-03-12 16:19
VLAI
Title
Auth misconfiguration when multiple providers enabled
Summary
An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:
If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if the authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider.
When using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.
We recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1524 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
4.4.0 , < 5.26.22
(semver)
Affected: 2025.01 , < 2026.02 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:43:20.625306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:58.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.22",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "2026.02",
"status": "affected",
"version": "2025.01",
"versionType": "date"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only applicable if multiple OIDC providers (or multiple auth plugins) are configured with separate authentication and authorization intent."
}
],
"value": "Only applicable if multiple OIDC providers (or multiple auth plugins) are configured with separate authentication and authorization intent."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.02",
"versionStartIncluding": "2025.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:\u003cbr\u003e\u003c/p\u003e\u003cp\u003eIf a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if\u0026nbsp;\u003cspan\u003ethe authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhen using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWe recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed. \u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:\n\n\nIf a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if\u00a0the authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider. \n\nWhen using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.\u00a0\n\nWe recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:16:35.346Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1524"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Auth misconfiguration when multiple providers enabled",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1524",
"datePublished": "2026-03-11T16:16:35.346Z",
"dateReserved": "2026-01-28T11:20:54.690Z",
"dateUpdated": "2026-03-12T16:19:58.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1471 (GCVE-0-2026-1471)
Vulnerability from nvd – Published: 2026-03-11 16:30 – Updated: 2026-03-11 20:09
VLAI
Title
Caching of authentication context
Summary
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).
We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1471 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Neo4j | Enterprise edition |
Affected:
2025.01 , < 2026.01.4
(date)
Affected: 4.4.0 , < 5.26.22 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T20:08:47.580869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:09:18.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise edition",
"vendor": "Neo4j",
"versions": [
{
"lessThan": "2026.01.4",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.22",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.4",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u0026nbsp;\u003cbr\u003eWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.\u0026nbsp;"
}
],
"value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:30:24.053Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1471"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Caching of authentication context",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eSet dbms.security.oidc.\u0026lt;provider\u0026gt;.get_groups_from_user_info\u003c/code\u003e and\u0026nbsp;\u003ccode\u003edbms.security.oidc.\u0026lt;provider\u0026gt;.get_username_from_user_info to false.\u003c/code\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Set dbms.security.oidc.\u003cprovider\u003e.get_groups_from_user_info and\u00a0dbms.security.oidc.\u003cprovider\u003e.get_username_from_user_info to false."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1471",
"datePublished": "2026-03-11T16:30:24.053Z",
"dateReserved": "2026-01-27T09:09:22.753Z",
"dateUpdated": "2026-03-11T20:09:18.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1497 (GCVE-0-2026-1497)
Vulnerability from nvd – Published: 2026-03-11 15:50 – Updated: 2026-03-12 16:13
VLAI
Title
Incorrect privilege assignment in composite databases
Summary
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:
an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any local database or remote alias called "name". If such database or alias doesn't exist when the command is run, the privileges will apply if it's created in the future.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1497 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
5.0 , < 5.26.22
(semver)
Affected: 2025.01 , < 2026.02 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T16:13:44.666371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:13:58.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.22",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "2026.02",
"status": "affected",
"version": "2025.01",
"versionType": "date"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is only applicable if composite database feature is used."
}
],
"value": "This issue is only applicable if composite database feature is used."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.02",
"versionStartIncluding": "2025.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:\u0026nbsp;\u003cbr\u003ean admin that intends to give a user an access to a remote database constituent \"namespace.name\" will inadvertently grant access to any local database or remote alias called \"name\". If such database or alias doesn\u0027t exist when the command is run, the privileges will apply if it\u0027s created in the future.\u003cbr\u003e"
}
],
"value": "Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:\u00a0\nan admin that intends to give a user an access to a remote database constituent \"namespace.name\" will inadvertently grant access to any local database or remote alias called \"name\". If such database or alias doesn\u0027t exist when the command is run, the privileges will apply if it\u0027s created in the future."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:50:57.651Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1497"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect privilege assignment in composite databases",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1497",
"datePublished": "2026-03-11T15:50:57.651Z",
"dateReserved": "2026-01-27T15:57:15.975Z",
"dateUpdated": "2026-03-12T16:13:58.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1337 (GCVE-0-2026-1337)
Vulnerability from nvd – Published: 2026-02-06 13:13 – Updated: 2026-02-06 14:30
VLAI
Title
Insufficient escaping of unicode characters in query log
Summary
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.
Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/JoakimBulow/CVE-2026-1337 | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
0 , < 2026.01.0
(date)
|
|
| neo4j | Community Edition |
Affected:
0 , < 2026.01.0
(date)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T14:29:47.736732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T14:30:29.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/neo4j",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.neo4j/neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joakim B\u00fclow"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\u003cbr\u003e\u003cbr\u003eProof of concept exploit:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/JoakimBulow/CVE-2026-1337\"\u003ehttps://github.com/JoakimBulow/CVE-2026-1337\u003c/a\u003e"
}
],
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\n\nProof of concept exploit:\u00a0 https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:13:19.230Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficient escaping of unicode characters in query log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1337",
"datePublished": "2026-02-06T13:13:19.230Z",
"dateReserved": "2026-01-22T13:14:55.461Z",
"dateUpdated": "2026-02-06T14:30:29.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34517 (GCVE-0-2024-34517)
Vulnerability from nvd – Published: 2024-05-07 00:00 – Updated: 2025-07-23 03:55
VLAI
Summary
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:neo4j:neo4j:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThanOrEqual": "5.19.0",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T03:55:32.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.neo4j.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://neo4j.com/security/cve-2024-34517/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Neo4j",
"vendor": "Neo4j",
"versions": [
{
"lessThan": "5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T03:41:35.655Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://trust.neo4j.com"
},
{
"url": "https://neo4j.com/security/cve-2024-34517/"
},
{
"url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher"
},
{
"url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34517",
"datePublished": "2024-05-07T00:00:00.000Z",
"dateReserved": "2024-05-05T00:00:00.000Z",
"dateUpdated": "2025-07-23T03:55:32.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34371 (GCVE-0-2021-34371)
Vulnerability from nvd – Published: 2021-08-05 19:35 – Updated: 2024-08-04 00:12
VLAI
Summary
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50170 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:35:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/50170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/50170",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/50170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34371",
"datePublished": "2021-08-05T19:35:05.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:12:49.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18389 (GCVE-0-2018-18389)
Vulnerability from nvd – Published: 2018-10-16 18:00 – Updated: 2024-09-16 22:01
VLAI
Summary
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/neo4j/neo4j/issues/12047 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/neo4j/neo4j/issues/12047",
"refsource": "MISC",
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18389",
"datePublished": "2018-10-16T18:00:00.000Z",
"dateReserved": "2018-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:37.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7259 (GCVE-0-2013-7259)
Vulnerability from nvd – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/o2platform/DefCon_RESTing/tree… | x_refsource_MISC |
| http://blog.diniscruz.com/2013/08/neo4j-csrf-payl… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/01/03/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/01/03/3 | mailing-listx_refsource_MLIST |
Date Public
2013-08-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j",
"refsource": "MISC",
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"name": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html",
"refsource": "MISC",
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7259",
"datePublished": "2014-04-29T14:00:00.000Z",
"dateReserved": "2014-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-1471 (GCVE-0-2026-1471)
Vulnerability from cvelistv5 – Published: 2026-03-11 16:30 – Updated: 2026-03-11 20:09
VLAI
Title
Caching of authentication context
Summary
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).
We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1471 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Neo4j | Enterprise edition |
Affected:
2025.01 , < 2026.01.4
(date)
Affected: 4.4.0 , < 5.26.22 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T20:08:47.580869Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T20:09:18.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise edition",
"vendor": "Neo4j",
"versions": [
{
"lessThan": "2026.01.4",
"status": "affected",
"version": "2025.01",
"versionType": "date"
},
{
"lessThan": "5.26.22",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.01.4",
"versionStartIncluding": "2025.01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "4.4.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u0026nbsp;\u003cbr\u003eWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.\u0026nbsp;"
}
],
"value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:30:24.053Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1471"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Caching of authentication context",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003ccode\u003eSet dbms.security.oidc.\u0026lt;provider\u0026gt;.get_groups_from_user_info\u003c/code\u003e and\u0026nbsp;\u003ccode\u003edbms.security.oidc.\u0026lt;provider\u0026gt;.get_username_from_user_info to false.\u003c/code\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Set dbms.security.oidc.\u003cprovider\u003e.get_groups_from_user_info and\u00a0dbms.security.oidc.\u003cprovider\u003e.get_username_from_user_info to false."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1471",
"datePublished": "2026-03-11T16:30:24.053Z",
"dateReserved": "2026-01-27T09:09:22.753Z",
"dateUpdated": "2026-03-11T20:09:18.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1524 (GCVE-0-2026-1524)
Vulnerability from cvelistv5 – Published: 2026-03-11 16:16 – Updated: 2026-03-12 16:19
VLAI
Title
Auth misconfiguration when multiple providers enabled
Summary
An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:
If a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if the authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider.
When using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.
We recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1524 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
4.4.0 , < 5.26.22
(semver)
Affected: 2025.01 , < 2026.02 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1524",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T15:43:20.625306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:19:58.434Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.22",
"status": "affected",
"version": "4.4.0",
"versionType": "semver"
},
{
"lessThan": "2026.02",
"status": "affected",
"version": "2025.01",
"versionType": "date"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only applicable if multiple OIDC providers (or multiple auth plugins) are configured with separate authentication and authorization intent."
}
],
"value": "Only applicable if multiple OIDC providers (or multiple auth plugins) are configured with separate authentication and authorization intent."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "4.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.02",
"versionStartIncluding": "2025.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:\u003cbr\u003e\u003c/p\u003e\u003cp\u003eIf a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if\u0026nbsp;\u003cspan\u003ethe authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider. \u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWhen using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.\u0026nbsp;\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan\u003eWe recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed. \u003cbr\u003e\u003c/span\u003e\u003c/p\u003e"
}
],
"value": "An edgecase in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions:\n\n\nIf a neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edgecase becomes a security problem only if\u00a0the authentication-only provider contains groups which have higher privileges than provided by the intended (configured) authorization provider. \n\nWhen using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both capabilities.\u00a0\n\nWe recommend upgrading to versions 2026.02 (or 5.26.22) where the issue is fixed."
}
],
"impacts": [
{
"capecId": "CAPEC-180",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2.1,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T16:16:35.346Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1524"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Auth misconfiguration when multiple providers enabled",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1524",
"datePublished": "2026-03-11T16:16:35.346Z",
"dateReserved": "2026-01-28T11:20:54.690Z",
"dateUpdated": "2026-03-12T16:19:58.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1497 (GCVE-0-2026-1497)
Vulnerability from cvelistv5 – Published: 2026-03-11 15:50 – Updated: 2026-03-12 16:13
VLAI
Title
Incorrect privilege assignment in composite databases
Summary
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:
an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any local database or remote alias called "name". If such database or alias doesn't exist when the command is run, the privileges will apply if it's created in the future.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neo4j.com/security/CVE-2026-1497 | vendor-advisory |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
5.0 , < 5.26.22
(semver)
Affected: 2025.01 , < 2026.02 (date) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-12T16:13:44.666371Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-12T16:13:58.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "5.26.22",
"status": "affected",
"version": "5.0",
"versionType": "semver"
},
{
"lessThan": "2026.02",
"status": "affected",
"version": "2025.01",
"versionType": "date"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue is only applicable if composite database feature is used."
}
],
"value": "This issue is only applicable if composite database feature is used."
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.26.22",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2026.02",
"versionStartIncluding": "2025.01",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:\u0026nbsp;\u003cbr\u003ean admin that intends to give a user an access to a remote database constituent \"namespace.name\" will inadvertently grant access to any local database or remote alias called \"name\". If such database or alias doesn\u0027t exist when the command is run, the privileges will apply if it\u0027s created in the future.\u003cbr\u003e"
}
],
"value": "Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:\u00a0\nan admin that intends to give a user an access to a remote database constituent \"namespace.name\" will inadvertently grant access to any local database or remote alias called \"name\". If such database or alias doesn\u0027t exist when the command is run, the privileges will apply if it\u0027s created in the future."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NO",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 2,
"baseSeverity": "LOW",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:50:57.651Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://neo4j.com/security/CVE-2026-1497"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Incorrect privilege assignment in composite databases",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1497",
"datePublished": "2026-03-11T15:50:57.651Z",
"dateReserved": "2026-01-27T15:57:15.975Z",
"dateUpdated": "2026-03-12T16:13:58.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1337 (GCVE-0-2026-1337)
Vulnerability from cvelistv5 – Published: 2026-02-06 13:13 – Updated: 2026-02-06 14:30
VLAI
Title
Insufficient escaping of unicode characters in query log
Summary
Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.
Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-117 - Improper Output Neutralization for Logs
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/JoakimBulow/CVE-2026-1337 | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| neo4j | Enterprise Edition |
Affected:
0 , < 2026.01.0
(date)
|
|
| neo4j | Community Edition |
Affected:
0 , < 2026.01.0
(date)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-1337",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-06T14:29:47.736732Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T14:30:29.856Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Enterprise Edition",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
},
{
"collectionURL": "https://mvnrepository.com/artifact/org.neo4j/neo4j",
"defaultStatus": "unaffected",
"packageName": "pkg:maven/org.neo4j/neo4j",
"product": "Community Edition",
"repo": "https://github.com/neo4j/neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThan": "2026.01.0",
"status": "affected",
"version": "0",
"versionType": "date"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Joakim B\u00fclow"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\u003cbr\u003e\u003cbr\u003eProof of concept exploit:\u0026nbsp;\u003ca target=\"_blank\" rel=\"nofollow\" href=\"https://github.com/JoakimBulow/CVE-2026-1337\"\u003ehttps://github.com/JoakimBulow/CVE-2026-1337\u003c/a\u003e"
}
],
"value": "Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01.\n\nProof of concept exploit:\u00a0 https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
},
{
"capecId": "CAPEC-93",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-93 Log Injection-Tampering-Forging"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 1.1,
"baseSeverity": "LOW",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-117",
"description": "CWE-117 Improper Output Neutralization for Logs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-06T13:13:19.230Z",
"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"shortName": "Neo4j"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/JoakimBulow/CVE-2026-1337"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Insufficient escaping of unicode characters in query log",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6",
"assignerShortName": "Neo4j",
"cveId": "CVE-2026-1337",
"datePublished": "2026-02-06T13:13:19.230Z",
"dateReserved": "2026-01-22T13:14:55.461Z",
"dateUpdated": "2026-02-06T14:30:29.856Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-34517 (GCVE-0-2024-34517)
Vulnerability from cvelistv5 – Published: 2024-05-07 00:00 – Updated: 2025-07-23 03:55
VLAI
Summary
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-471 - Modification of Assumed-Immutable Data (MAID)
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:neo4j:neo4j:5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "neo4j",
"vendor": "neo4j",
"versions": [
{
"lessThanOrEqual": "5.19.0",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-34517",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-22T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-23T03:55:32.171Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T02:51:11.588Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://trust.neo4j.com"
},
{
"tags": [
"x_transferred"
],
"url": "https://neo4j.com/security/cve-2024-34517/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Neo4j",
"vendor": "Neo4j",
"versions": [
{
"lessThan": "5.19",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.19",
"versionStartIncluding": "5.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-471",
"description": "CWE-471 Modification of Assumed-Immutable Data (MAID)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T03:41:35.655Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://trust.neo4j.com"
},
{
"url": "https://neo4j.com/security/cve-2024-34517/"
},
{
"url": "https://github.com/neo4j/neo4j/wiki/Neo4j-5-changelog#cypher"
},
{
"url": "https://github.com/advisories/GHSA-p343-9qwp-pqxv"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-34517",
"datePublished": "2024-05-07T00:00:00.000Z",
"dateReserved": "2024-05-05T00:00:00.000Z",
"dateUpdated": "2025-07-23T03:55:32.171Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-34371 (GCVE-0-2021-34371)
Vulnerability from cvelistv5 – Published: 2021-08-05 19:35 – Updated: 2024-08-04 00:12
VLAI
Summary
Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/50170 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T00:12:49.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/50170"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-05T19:35:05.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.exploit-db.com/exploits/50170"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-34371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Neo4j through 3.4.18 (with the shell server enabled) exposes an RMI service that arbitrarily deserializes Java objects, e.g., through setSessionVariable. An attacker can abuse this for remote code execution because there are dependencies with exploitable gadget chains."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.exploit-db.com/exploits/50170",
"refsource": "MISC",
"url": "https://www.exploit-db.com/exploits/50170"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-34371",
"datePublished": "2021-08-05T19:35:05.000Z",
"dateReserved": "2021-06-09T00:00:00.000Z",
"dateUpdated": "2024-08-04T00:12:49.674Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18389 (GCVE-0-2018-18389)
Vulnerability from cvelistv5 – Published: 2018-10-16 18:00 – Updated: 2024-09-16 22:01
VLAI
Summary
Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/neo4j/neo4j/issues/12047 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T18:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Due to incorrect access control in Neo4j Enterprise Database Server 3.4.x before 3.4.9, the setting of LDAP for authentication with STARTTLS, and System Account for authorization, allows an attacker to log into the server by sending any valid username with an arbitrary password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/neo4j/neo4j/issues/12047",
"refsource": "MISC",
"url": "https://github.com/neo4j/neo4j/issues/12047"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18389",
"datePublished": "2018-10-16T18:00:00.000Z",
"dateReserved": "2018-10-16T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:01:37.488Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7259 (GCVE-0-2013-7259)
Vulnerability from cvelistv5 – Published: 2014-04-29 14:00 – Updated: 2024-08-06 18:01
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/o2platform/DefCon_RESTing/tree… | x_refsource_MISC |
| http://blog.diniscruz.com/2013/08/neo4j-csrf-payl… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/01/03/8 | mailing-listx_refsource_MLIST |
| http://www.openwall.com/lists/oss-security/2014/01/03/3 | mailing-listx_refsource_MLIST |
Date Public
2013-08-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:19.791Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-08-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-04-29T12:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7259",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J 1.9.2 allow remote attackers to hijack the authentication of administrators for requests that execute arbitrary code, as demonstrated by a request to (1) db/data/ext/GremlinPlugin/graphdb/execute_script or (2) db/manage/server/console/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j",
"refsource": "MISC",
"url": "https://github.com/o2platform/DefCon_RESTing/tree/master/Live-Demos/Neo4j"
},
{
"name": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html",
"refsource": "MISC",
"url": "http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html"
},
{
"name": "[oss-security] 20140103 Re: Neo4J CSRF: Potential CVE candidate",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/8"
},
{
"name": "[oss-security] 20140103 Neo4J CSRF: Potential CVE candidate",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/03/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7259",
"datePublished": "2014-04-29T14:00:00.000Z",
"dateReserved": "2014-01-03T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:01:19.791Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}