Neo4j Enterprise Edition
7 CVEs affecting Neo4j Enterprise Edition. Latest disclosed: 2026-03-11. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-1524 | Critical | 9.8 | 2026-03-11 | An edge case in SSO implementation in Neo4j Enterprise edition versions prior to version 2026.02 can lead to unauthorised access under the following conditions… |
| CVE-2026-1497 | High | 7.2 | 2026-03-11 | Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: … |
| CVE-2026-1471 | Medium | 6.5 | 2026-03-11 | Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the… |
| CVE-2026-1337 | | | 2026-02-06 | Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs… |
| CVE-2026-1622 | | | 2026-02-04 | Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability… |
| CVE-2025-12738 | | | 2026-01-22 | Neo4j Enterprise edition versions prior to 2025.11.2 and 5.26.17 are vulnerable to a potential information disclosure by an attacker who has some legitimate ac… |
| CVE-2025-11602 | | | 2025-10-31 | Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions allows attacker to obtain one byte of information from previou… |