CVE-2026-1471 - Vulnerability Details - OpenCVE

Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Attack Requirements Present

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Neo4j	Enterprise Edition

No data.

No data.

References

Link	Providers
https://neo4j.com/security/CVE-2026-1471

History

Wed, 11 Mar 2026 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 11 Mar 2026 17:00:00 +0000

Type	Values Removed	Values Added
Description		Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
Title		Caching of authentication context
First Time appeared		Neo4j Neo4j enterprise Edition
Weaknesses		CWE-863
CPEs		cpe:2.3:a:neo4j:enterprise_edition::::::::
Vendors & Products		Neo4j Neo4j enterprise Edition
References		https://neo4j.com/security/CVE-2026-1471
Metrics		cvssV4_0 `{'score': 2.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear'}`

MITRE

Status: PUBLISHED

Assigner: Neo4j

Published: 2026-03-11T16:30:24.053Z

Updated: 2026-03-11T20:09:18.652Z

Reserved: 2026-01-27T09:09:22.753Z

Link: CVE-2026-1471

Vulnrichment

Updated: 2026-03-11T20:08:55.401Z

NVD

Status : Received

Published: 2026-03-11T17:16:54.160

Modified: 2026-03-11T17:16:54.160

Link: CVE-2026-1471

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1471", "assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "state": "PUBLISHED", "assignerShortName": "Neo4j", "dateReserved": "2026-01-27T09:09:22.753Z", "datePublished": "2026-03-11T16:30:24.053Z", "dateUpdated": "2026-03-11T20:09:18.652Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "shortName": "Neo4j", "dateUpdated": "2026-03-11T16:30:24.053Z"}, "title": "Caching of authentication context", "problemTypes": [{"descriptions": [{"lang": "en", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization", "type": "CWE"}]}], "affected": [{"vendor": "Neo4j", "product": "Enterprise edition", "versions": [{"status": "affected", "version": "2025.01", "lessThan": "2026.01.4", "versionType": "date"}, {"status": "affected", "version": "4.4.0", "lessThan": "5.26.22", "versionType": "semver"}], "defaultStatus": "unaffected"}], "cpeApplicability": [{"operator": "OR", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*", "versionStartIncluding": "2025.01", "versionEndExcluding": "2026.01.4"}, {"vulnerable": true, "criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*", "versionStartIncluding": "4.4.0", "versionEndExcluding": "5.26.22"}]}]}], "descriptions": [{"lang": "en", "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). <br>We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed. "}]}], "references": [{"url": "https://neo4j.com/security/CVE-2026-1471", "tags": ["vendor-advisory"]}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV4_0": {"attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NO", "Recovery": "USER", "valueDensity": "DIFFUSE", "vulnerabilityResponseEffort": "LOW", "providerUrgency": "CLEAR", "version": "4.0", "baseSeverity": "LOW", "baseScore": 2.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear"}}], "workarounds": [{"lang": "en", "value": "Set dbms.security.oidc.<provider>.get_groups_from_user_info and\u00a0dbms.security.oidc.<provider>.get_username_from_user_info to false.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<code>Set dbms.security.oidc.<provider>.get_groups_from_user_info</code> and <code>dbms.security.oidc.<provider>.get_username_from_user_info to false.</code><br><br>"}]}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-11T20:08:47.580869Z", "id": "CVE-2026-1471", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T20:09:18.652Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-1471", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-11T20:08:47.580869Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-11T20:08:55.401Z"}}], "cna": {"title": "Caching of authentication context", "source": {"discovery": "EXTERNAL"}, "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "USER", "baseScore": 2.1, "Automatable": "NO", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/AU:N/R:U/V:D/RE:L/U:Clear", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "CLEAR", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Neo4j", "product": "Enterprise edition", "versions": [{"status": "affected", "version": "2025.01", "lessThan": "2026.01.4", "versionType": "date"}, {"status": "affected", "version": "4.4.0", "lessThan": "5.26.22", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://neo4j.com/security/CVE-2026-1471", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "Set dbms.security.oidc.<provider>.get_groups_from_user_info and\u00a0dbms.security.oidc.<provider>.get_username_from_user_info to false.", "supportingMedia": [{"type": "text/html", "value": "<code>Set dbms.security.oidc.<provider>.get_groups_from_user_info</code> and <code>dbms.security.oidc.<provider>.get_username_from_user_info to false.</code><br><br>", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.", "supportingMedia": [{"type": "text/html", "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). <br>We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed. ", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863 Incorrect Authorization"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "2026.01.4", "versionStartIncluding": "2025.01"}, {"criteria": "cpe:2.3:a:neo4j:enterprise_edition:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndExcluding": "5.26.22", "versionStartIncluding": "4.4.0"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "shortName": "Neo4j", "dateUpdated": "2026-03-11T16:30:24.053Z"}}}, "cveMetadata": {"cveId": "CVE-2026-1471", "state": "PUBLISHED", "dateUpdated": "2026-03-11T20:09:18.652Z", "dateReserved": "2026-01-27T09:09:22.753Z", "assignerOrgId": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "datePublished": "2026-03-11T16:30:24.053Z", "assignerShortName": "Neo4j"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint).\u00a0\nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed."}], "id": "CVE-2026-1471", "lastModified": "2026-03-11T17:16:54.160", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "USER", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "CLEAR", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "LOW"}, "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "type": "Secondary"}]}, "published": "2026-03-11T17:16:54.160", "references": [{"source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "url": "https://neo4j.com/security/CVE-2026-1471"}], "sourceIdentifier": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6", "type": "Secondary"}]}