Neo4j Enterprise
cpe:2.3:a:neo4j:neo4j:*:*:*:*:*:*:*
- < 2025.11.2
- < 5.26.17
A vulnerability allowing information disclosure exists in Neo4j Enterprise Edition versions prior to 2025.11.2 and 5.26.17. This issue can be exploited by an attacker with legitimate access to the database who lacks read access to a specific property. The vulnerability enables the attacker to infer the property's value by enumerating possible values and observing the error messages generated when attempting to set the property. This could lead to unauthorized knowledge of sensitive data.
Exploitation of this vulnerability could result in unauthorized information disclosure, allowing an attacker to infer property values they do not have permission to read.
Users are advised to upgrade to Neo4j Enterprise Edition versions 2025.11.2 or 5.26.17 and above, where this vulnerability has been fixed. The issue is not applicable to Neo4j AuraDB, the fully managed cloud service.
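On deployments that cannot be upgraded immediately, the value enumeration described above can be looked for in write activity. The following is an added example, not code from Neo4j or from this advisory; it goes beyond the advisory text by sketching a detection heuristic. It assumes that failed write queries have already been extracted into `(user, cypher_text, failed)` records and that probing attempts appear as failed `SET` queries with literal values; the record layout, sample data, function name and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records (NOT real Neo4j log output):
# (user, Cypher text, True if the query ended in an error)
SAMPLE = (
    # one user trying six different values for the same property, all failing
    [("alice", f"MATCH (p:Person {{id: 7}}) SET p.salary = {v}", True)
     for v in range(50000, 50006)]
    # a repeated value must not inflate the distinct count
    + [("alice", "MATCH (p:Person {id: 7}) SET p.salary = 50003", True)]
    # a single failed write is ordinary noise
    + [("bob", "MATCH (p:Person {id: 9}) SET p.name = 'Bob Smith'", True)]
    # successful writes are ignored
    + [("carol", "MATCH (p:Person {id: 3}) SET p.salary = 61000", False)]
)

# Captures the property name and the assigned literal in "SET var.prop = value".
# Quoted strings are matched first so values containing spaces stay whole.
SET_RE = re.compile(
    r"""\bSET\s+\w+\.(\w+)\s*=\s*('[^']*'|"[^"]*"|[^\s,]+)""",
    re.IGNORECASE,
)

def find_enumeration(records, min_distinct=5):
    """Return {(user, property): distinct_value_count} for every user whose
    failed SET attempts on one property cover at least min_distinct values.
    min_distinct is a hypothetical threshold; tune it to the workload."""
    seen = defaultdict(set)
    for user, query, failed in records:
        if not failed:
            continue
        for prop, value in SET_RE.findall(query):
            seen[(user, prop)].add(value)
    return {key: len(vals) for key, vals in seen.items()
            if len(vals) >= min_distinct}

if __name__ == "__main__":
    for (user, prop), n in find_enumeration(SAMPLE).items():
        print(f"review: {user} failed to set '{prop}' with {n} distinct values")
```

Queries that pass the value as a parameter carry no literal in the text, so a production version would need the logged parameter values as well.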