What is CVE-2026-1471?

CVE-2026-1471 is a medium-severity vulnerability in Neo4j Enterprise Edition, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2026-03-11.

How severe is CVE-2026-1471?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Auth bypass in Neo4j Enterprise Edition

CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-…

Vulnerability class: Broken Access Control

EPSS: 0.001 (21.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Neo4j Enterprise Edition — versions 2025.01, 4.4.0
Neo4j

Weakness classification (CWE)

CWE-863 — Incorrect Authorization

References

3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6 (vendor-advisory, Vendor Advisory)

Frequently asked questions

What is CVE-2026-1471?: CVE-2026-1471 is a medium-severity vulnerability in Neo4j Enterprise Edition, classified under Incorrect Authorization. CVSS score: 6.5/10. Published 2026-03-11.
How severe is CVE-2026-1471?: Medium severity. CVSS v3 base score is 6.5 out of 10.