Neo4j Information Leak Vulnerability in Bolt Protocol Handshake

Vulnerability

A potential information leak vulnerability has been identified in the Bolt protocol handshake of Neo4j Community and Enterprise editions. This vulnerability affects versions 5.26.0 to 5.26.14 and 2025.1.0 to 2025.10.0. It allows an attacker to obtain one byte of information from previous connections, without any control over the leaked information in server responses.

Impact

Exploitation of this vulnerability could lead to an unauthorized information leak, allowing an attacker to retrieve sensitive data from previous connections.

Remediation

Users are advised to upgrade to Neo4j versions 5.26.15 or 2025.10.1 and above, where this issue has been fixed. This vulnerability is not applicable to Neo4j AuraDB, the fully managed cloud service.
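A practitioner triaging this advisory usually has a list of server version strings and needs to know, per instance, whether it falls inside the affected ranges quoted above and which fixed release to move to. The checker below is an added example written for this page, not Neo4j's own tooling; it transcribes the ranges from the advisory text (5.26.0 to 5.26.14 and 2025.1.0 to 2025.10.0, fixed in 5.26.15 and 2025.10.1), treats AuraDB instances as out of scope as the advisory states, and reports anything outside those ranges as "not in the stated affected ranges" rather than as safe. The version strings at the bottom are constructed for the demonstration.

```python
"""Classify Neo4j server versions against the Bolt handshake advisory.

Added example (not Neo4j's code). Ranges are transcribed from the advisory:
affected 5.26.0-5.26.14 (fixed in 5.26.15) and 2025.1.0-2025.10.0
(fixed in 2025.10.1); Neo4j AuraDB is stated to be unaffected.
"""
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int]

# Per release train: (first affected, last affected, first fixed release),
# all bounds inclusive, exactly as the advisory states them.
AFFECTED_RANGES: Dict[str, Tuple[Version, Version, str]] = {
    "5.26": ((5, 26, 0), (5, 26, 14), "5.26.15"),
    "2025": ((2025, 1, 0), (2025, 10, 0), "2025.10.1"),
}

# Accepts "MAJOR.MINOR.PATCH" with an optional suffix (e.g. "-SNAPSHOT"),
# which is ignored for the comparison.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Turn a version string such as '2025.10.0' into a comparable tuple."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Neo4j version string: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def assess(version_text: str, aura: bool = False) -> Dict[str, Optional[object]]:
    """Report whether a server version is inside an affected range.

    `aura=True` marks a fully managed AuraDB instance, which the advisory
    says is not affected regardless of version.
    """
    result: Dict[str, Optional[object]] = {
        "version": version_text,
        "affected": False,
        "train": None,
        "upgrade_to": None,
        "note": "not in the stated affected ranges",
    }
    if aura:
        result["note"] = "AuraDB: advisory states it is not applicable"
        return result
    v = parse_version(version_text)
    for train, (first, last, fixed) in AFFECTED_RANGES.items():
        # Tuple comparison orders (major, minor, patch) lexicographically.
        if first <= v <= last:
            result.update(affected=True, train=train, upgrade_to=fixed,
                          note=f"affected; upgrade to {fixed} or later")
            break
    return result


if __name__ == "__main__":
    # Constructed sample inventory: (version string, is_aura)
    inventory = [("5.26.14", False), ("5.26.15", False), ("2025.1.0", False),
                 ("2025.10.0", False), ("2025.10.1", False), ("5.26.3", True)]
    for version, is_aura in inventory:
        r = assess(version, aura=is_aura)
        print(f"{version:>10}  affected={r['affected']!s:5}  {r['note']}")
```

In practice the version string is obtained from each server (for example from the `versions` column of `CALL dbms.components()`), and the inventory above is simply replaced by that list. The boundaries are inclusive on both ends, so `5.26.14` and `2025.10.0` are reported as affected while the first fixed releases are not.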

Added: Oct 31, 2025, 11:18 AM
Updated: Oct 31, 2025, 11:18 AM

Vulnerability Rating

Custom Algorithm
spread: 5.0
impact: 0.6
exploitability: 7.4
remediation: 7.7
relevance: 0.9
threat: 0.0
urgency: 0.0
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.