CVE-2026-1497

EPSS 0.24%
Veröffentlicht 11.03.2026 16:16:22
Zuletzt bearbeitet 13.05.2026 16:42:34
Quelle 3b236295-4ccd-4a1f-a1c1-a72eec
CVE-Watchlists
Login
Unerledigt
Login

Incorrect privilege assignment in composite databases

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: 
an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any local database or remote alias called "name". If such database or alias doesn't exist when the command is run, the privileges will apply if it's created in the future.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Neo4j ≫ Neo4j SwEditionenterprise Version < 5.26.22

Neo4j ≫ Neo4j SwEditionenterprise Version >= 2025.01.0 < 2026.02

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.24%	0.142

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	1.2	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6	2	0	0	CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:M/U:Green

CWE-863 Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

https://neo4j.com/security/CVE-2026-1497

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2026-1497

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-1497

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-1497

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-1497