Neo4j Enterprise Excessive Authentication Context Caching Vulnerability

Vulnerability

A vulnerability exists in Neo4j Enterprise Edition versions prior to 2026.01.4, where excessive caching of authentication context can lead to authenticated users inheriting the context of the first user who logged in after a restart. This issue is confined to certain non-default SSO configurations that utilize the UserInfo endpoint.

Impact

This vulnerability can result in unauthorized context inheritance, potentially allowing users to gain access to resources or permissions intended for other users.

Remediation

Users are advised to upgrade to Neo4j Enterprise Edition versions 2026.01.4 or 5.26.22, where this issue has been fixed. As a temporary workaround, set 'dbms.security.oidc.<provider>.get_groups_from_user_info' and 'dbms.security.oidc.<provider>.get_username_from_user_info' to 'false'.
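The workaround above is a pair of `neo4j.conf` settings. The following script is an added example, not Neo4j's own tooling: it counts how many OIDC providers in a config file still have either UserInfo setting set to `true`, and emits a copy of the file with the advisory's workaround applied (both settings rewritten to `false`). The provider names `exampleidp` and `otheridp`, the config excerpt and the temp-file paths are constructed for the example.

```shell
#!/bin/sh
# Added example (not from Neo4j): audit a neo4j.conf for the two OIDC UserInfo
# settings named in the advisory and produce a hardened copy.
# Provider names and the config excerpt below are constructed.

# Print the number of dbms.security.oidc.<provider>.get_groups_from_user_info /
# get_username_from_user_info settings whose value is 'true' in the given file.
# Tolerates leading whitespace and spaces around '='; skips comments and blank lines.
count_enabled_userinfo() {
  conf="$1"
  count=0
  while IFS= read -r line; do
    case "$line" in
      \#*|'') continue ;;
    esac
    key=$(printf '%s\n' "$line" | sed 's/[[:space:]]*=.*//; s/^[[:space:]]*//')
    val=$(printf '%s\n' "$line" | sed 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*$//')
    case "$key" in
      dbms.security.oidc.*.get_groups_from_user_info|dbms.security.oidc.*.get_username_from_user_info)
        if [ "$val" = "true" ]; then
          echo "enabled: $key" >&2
          count=$((count + 1))
        fi
        ;;
    esac
  done < "$conf"
  echo "$count"
}

# Write a copy of the config to stdout with the advisory's workaround applied:
# any 'true' value for either setting, for any provider, becomes 'false'.
# Other lines are passed through unchanged.
apply_userinfo_workaround() {
  sed \
    -e 's/^\([[:space:]]*dbms\.security\.oidc\.[^.=[:space:]]*\.get_groups_from_user_info[[:space:]]*=[[:space:]]*\)true[[:space:]]*$/\1false/' \
    -e 's/^\([[:space:]]*dbms\.security\.oidc\.[^.=[:space:]]*\.get_username_from_user_info[[:space:]]*=[[:space:]]*\)true[[:space:]]*$/\1false/' \
    "$1"
}

# Constructed sample config (not a real deployment): one provider still reading
# groups and username from the UserInfo endpoint, one already hardened.
SAMPLE_CONF="${TMPDIR:-/tmp}/neo4j-userinfo-sample.conf"
cat > "$SAMPLE_CONF" <<'EOF'
# constructed neo4j.conf excerpt
dbms.security.oidc.exampleidp.get_groups_from_user_info=true
dbms.security.oidc.exampleidp.get_username_from_user_info = true
dbms.security.oidc.otheridp.get_groups_from_user_info=false
dbms.security.oidc.otheridp.get_username_from_user_info=false
EOF

HARDENED_CONF="${TMPDIR:-/tmp}/neo4j-userinfo-hardened.conf"
apply_userinfo_workaround "$SAMPLE_CONF" > "$HARDENED_CONF"

echo "enabled in sample:   $(count_enabled_userinfo "$SAMPLE_CONF" 2>/dev/null)"    # 2
echo "enabled in hardened: $(count_enabled_userinfo "$HARDENED_CONF" 2>/dev/null)"  # 0
```

Run the audit against the live `neo4j.conf` before and after applying the workaround; a count of `0` means no provider is still using the UserInfo endpoint for groups or username. The hardened copy is written to a separate file so the change can be reviewed before it replaces the original, and the restart required for Neo4j to pick up the new settings is also the point at which the cached context from the previous process is discarded.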

Added: Mar 11, 2026, 5:31 PM
Updated: Mar 11, 2026, 5:31 PM

Vulnerability Rating

Custom Algorithm

spread: 5.0
impact: 1.3
exploitability: 4.8
remediation: 8.3
relevance: 3.8
threat: 0.0
urgency: 0.0
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.