CVE-2026-1471

UNKNOWN 0.0

Caching of authentication context

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.

CWE	CWE-863
Vendor	neo4j
Product	enterprise edition
Published	Mar 11, 2026
Last Updated	Mar 11, 2026

Stay Ahead of the Next One

Get instant alerts for neo4j enterprise edition

Be the first to know when new unknown vulnerabilities affecting neo4j enterprise edition are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Neo4j / Enterprise edition

2025.01 < 2026.01.4 4.4.0 < 5.26.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗

neo4j.com: https://neo4j.com/security/CVE-2026-1471