Neo4j Enterprise Edition Namespace Resolution Vulnerability in Composite Databases
Vulnerability
A vulnerability exists in Neo4j Enterprise Edition versions prior to 2026.02 and 5.26.22, related to incorrect namespace resolution in composite databases. This issue allows an admin to unintentionally grant a user access to local databases or remote aliases with the same name, instead of the intended remote database constituent. If the specified database or alias does not exist at the time of the command, the granted privileges will apply to any future creation of such a database or alias.
Impact
Exploitation of this vulnerability could lead to unauthorized access to databases or aliases, allowing users to interact with data they should not have access to.
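A heuristic audit for the two conditions described above, added here as an example and not taken from Neo4j or this advisory: it flags granted privileges whose target name does not exist yet, or is shared by a local database or alias and a composite constituent. The rows are constructed; they assume only the `access`, `action`, `graph` and `role` columns of `SHOW PRIVILEGES`, the `name` column of `SHOW DATABASES`, and the `name` and `composite` columns of `SHOW ALIASES FOR DATABASE`. The function names and the finding labels `dangling` and `ambiguous` are this example's own.

```python
def constituent_short_name(alias):
    """'reports.sales' inside composite 'reports' -> 'sales'."""
    return alias["name"][len(alias["composite"]) + 1:]

def audit_grants(privileges, databases, aliases):
    """Return (role, action, graph, kind) for grants that need manual review."""
    db_names = {d["name"] for d in databases}
    existing = db_names | {a["name"] for a in aliases}
    # Names that resolve outside any composite: local databases and plain aliases.
    standalone = db_names | {a["name"] for a in aliases if not a["composite"]}
    # Unqualified names of composite constituents.
    constituents = {constituent_short_name(a) for a in aliases if a["composite"]}
    findings = []
    for p in privileges:
        graph = p["graph"]
        if p["access"] != "GRANTED" or graph == "*":
            continue
        if graph not in existing:
            # Nothing has this name yet: the grant applies to whatever is created later.
            findings.append((p["role"], p["action"], graph, "dangling"))
        elif graph in standalone and graph in constituents:
            # Same name is both a constituent and a local database or alias.
            findings.append((p["role"], p["action"], graph, "ambiguous"))
    return findings

# Constructed sample rows, not output from a real deployment.
DATABASES = [
    {"name": "neo4j", "type": "standard"},
    {"name": "sales", "type": "standard"},
    {"name": "reports", "type": "composite"},
]
ALIASES = [
    {"name": "reports.sales", "composite": "reports"},
    {"name": "reports.hr", "composite": "reports"},
    {"name": "archive", "composite": None},
]
PRIVILEGES = [
    {"access": "GRANTED", "action": "access", "graph": "sales", "role": "analyst"},
    {"access": "GRANTED", "action": "match", "graph": "hr", "role": "analyst"},
    {"access": "GRANTED", "action": "access", "graph": "neo4j", "role": "reader"},
    {"access": "DENIED", "action": "access", "graph": "ghost", "role": "reader"},
    {"access": "GRANTED", "action": "access", "graph": "*", "role": "admin"},
]

if __name__ == "__main__":
    for role, action, graph, kind in audit_grants(PRIVILEGES, DATABASES, ALIASES):
        print(f"{kind:9} role={role} action={action} graph={graph}")
```

A finding is a prompt to check which object the grant was meant for, not proof of misassignment.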
