
Neo4j Enterprise Edition: Insecure Authentication Context Caching

CVE-2026-1471
Summary

A security issue affects Neo4j Enterprise edition versions before 2026.01.4, where users who log in after a restart may inherit the authentication context of the first user who logged in. This can lead to unexpected access to sensitive data. To fix this, update to version 2026.01.4 or 5.26.22 as soon as possible.

Original title
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after res...
Original description
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). 
We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
NVD CVSS 4.0 score: 2.1
Vulnerability type
CWE-863 Incorrect Authorization
Published: 11 Mar 2026 · Updated: 13 Mar 2026 · First seen: 11 Mar 2026