CVE-2026-1471
Published: Mar 11, 2026
Modified: Mar 11, 2026
PUBLISHED
Description
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
| Vendor | Product | Versions |
|---|---|---|
| Neo4j | Enterprise edition | affected 2025.01 - < 2026.01.4; affected 4.4.0 - < 5.26.22 |
Weaknesses (CWE)
References
https://neo4j.com/security/CVE-2026-1471
vendor-advisory