NOMISEC-JoakimBulow/CVE-2026-1337

NOMISEC WORKING POC
Exploit for CVE-2026-1337 - Neo4j < 2026.01 - XSS
AI Analysis

This repository contains a functional PoC for CVE-2026-1337, demonstrating log injection in Neo4j's query.log via unescaped control characters in Bolt transaction metadata. The exploit injects fake log entries by leveraging newline characters in metadata fields, which are not sanitized when logging is not in JSON format.

Attack Type: other
Complexity: trivial
Reliability: reliable
MITRE ATT&CK: T1098 - Account Manipulation; T1562.006 - Indicator Blocking
Source
Platform: Nomisec
Type: poc
Files: 2
Stars: 0
Forks: 0
Last Push: Feb 05, 2026
Vulnerability
CVE-2026-1337
Neo4j < 2026.01 - XSS
MEDIUM (CVSS 5.4)