CVE-2026-1471

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://neo4j.com/security/CVE-2026-1471	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:neo4j:neo4j:::::enterprise:::*
	cpe:2.3:a:neo4j:neo4j:::::enterprise:::*

History

22 May 2026, 13:26

Type	Values Removed	Values Added
CPE		cpe:2.3:a:neo4j:neo4j:::::enterprise:::*
References	~~() https://neo4j.com/security/CVE-2026-1471 -~~	() https://neo4j.com/security/CVE-2026-1471 - Vendor Advisory
Summary		(es) El almacenamiento en caché excesivo del contexto de autenticación en versiones de Neo4j Enterprise edition anteriores a 2026.01.4 lleva a que los usuarios autenticados hereden el contexto del primer usuario que se autenticó después del reinicio. El problema se limita a ciertas configuraciones no predeterminadas de SSO (punto final UserInfo). Recomendamos actualizar a las versiones 2026.01.4 (o 5.26.22) donde el problema está solucionado.
First Time		Neo4j Neo4j neo4j
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 6.5

11 Mar 2026, 17:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2026-03-11 17:16

Updated : 2026-05-22 13:26

NVD link : CVE-2026-1471

Mitre link : CVE-2026-1471

CVE.ORG link : CVE-2026-1471

JSON object : View

Products Affected

neo4j

neo4j

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2026-1471", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}], "cvssMetricV40": [{"type": "Secondary", "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2.1, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "LOW", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-11T17:16:54.160", "references": [{"url": "https://neo4j.com/security/CVE-2026-1471", "tags": ["Vendor Advisory"], "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed."}, {"lang": "es", "value": "El almacenamiento en cach\u00e9 excesivo del contexto de autenticaci\u00f3n en versiones de Neo4j Enterprise edition anteriores a 2026.01.4 lleva a que los usuarios autenticados hereden el contexto del primer usuario que se autentic\u00f3 despu\u00e9s del reinicio. El problema se limita a ciertas configuraciones no predeterminadas de SSO (punto final UserInfo). Recomendamos actualizar a las versiones 2026.01.4 (o 5.26.22) donde el problema est\u00e1 solucionado."}], "lastModified": "2026-05-22T13:26:25.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2F0CBF4C-6B09-4AF9-9A75-C079D06F8791", "versionEndExcluding": "5.26.22"}, {"criteria": "cpe:2.3:a:neo4j:neo4j:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "2777E666-109C-43B9-BCA5-0A09F86299C4", "versionEndExcluding": "2026.01.4", "versionStartIncluding": "2025.01.0"}], "operator": "OR"}]}], "sourceIdentifier": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}