CVE-2026-1471

LOW

Neo4j Enterprise <2026.01.4 - Privilege Escalation

Title source: llm

Description

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.

References (1)

[Various Sources] https://neo4j.com/security/CVE-2026-1471

Scores

CVSS v4 2.1

EPSS 0.0006

EPSS Percentile 19.0%

CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-863

Status published

Published Mar 11, 2026

Tracked Since Mar 12, 2026