Information disclosure in Neo4j Community Edition

CVE-2026-1622

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscate_literals" option in the query lo…

EPSS: 0.000 (0.4th percentile) — read the EPSS interpretation.

Affected products

Neo4j Community Edition — versions 2025.01, 5.0, 4.4
Neo4j Enterprise Edition — versions 2025.01, 5.0, 4.4

Weakness classification (CWE)

CWE-532 — Insertion of Sensitive Information into Log File

References

neo4j.com/security/CVE-2026-1622 (vendor-advisory)