PatchSiren cyber security CVE debrief

CVE-2026-1471 Neo4j CVE debrief

CVE-2026-1471 describes an authentication-context handling issue in Neo4j Enterprise edition versions prior to 2026.01.4. In certain non-default SSO configurations that use the UserInfo endpoint, the system can retain excessive authentication context after a restart, which may cause authenticated users to inherit the context of the first user who signs in after that restart. The issue is rated Low severity in the supplied data, but it is still security-relevant because it can create identity and authorization confusion in affected deployments. Neo4j states that upgrading to 2026.01.4, or 5.26.22, resolves the issue.

Vendor: Neo4j
Product: Enterprise edition
CVSS: LOW 2.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-03-11
Original CVE updated: 2026-03-12
Advisory published: 2026-03-11
Advisory updated: 2026-03-12

Who should care

Neo4j Enterprise administrators and security teams should pay attention if their deployments use SSO with the UserInfo endpoint, especially in non-default configurations. This is most relevant for environments where restarts are routine and where authentication state must remain strictly isolated between users.

Technical summary

The vulnerability is excessive caching of authentication context. After a restart, the first user to authenticate successfully establishes a context that later authenticated users then improperly inherit, so their effective identity or roles can be those of that first user rather than their own. According to the supplied description, the condition is limited to certain non-default SSO configurations using the UserInfo endpoint and affects Neo4j Enterprise edition versions prior to 2026.01.4.

Defensive priority

Medium priority for any affected Neo4j Enterprise environment using the described SSO configuration; otherwise low. Even with a low CVSS score, auth-context leakage can lead to incorrect access decisions and should be remediated promptly where the exposure exists.

Recommended defensive actions

  • Upgrade Neo4j Enterprise to 2026.01.4 or later, or to 5.26.22, as recommended by the vendor.
  • Review SSO configuration to determine whether the UserInfo endpoint is enabled in a non-default setup.
  • After patching, verify that authentication and authorization decisions remain isolated across multiple users and service restarts.
  • Treat any unexpected identity or role inheritance after a restart as a signal to validate the deployment’s SSO and auth-cache configuration.
  • Track the vendor advisory and NVD entry for any follow-up clarification while remediation is underway.
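The following is an added illustration, written for this debrief and not taken from Neo4j's code base or advisory, of the general failure pattern the technical summary describes and of the isolation check the third action above asks for. It models a service that resolves bearer tokens through a UserInfo lookup and caches the result: the vulnerable variant stores the first resolved context in a single process-wide slot, so after a "restart" (a fresh cache) the first login defines everyone's context; the hardened variant keys the cache on the credential and is only ever reused for that same credential. The tokens, subjects and roles are constructed sample data, and the `fetch_userinfo` stand-in replaces the real IdP call. Nothing here reflects how Neo4j actually implements its cache.

```python
"""Auth-context caching: a first-login-wins cache beside a per-credential cache,
plus an isolation check that simulates restart -> login A -> login B.

Hypothetical example code; not Neo4j's implementation. All sample data is constructed.
"""
import hashlib

# Constructed stand-in for what the IdP's UserInfo endpoint would return per bearer token.
USERINFO_BY_TOKEN = {
    "token-alice": {"sub": "alice", "roles": ["admin"]},
    "token-bob": {"sub": "bob", "roles": ["reader"]},
    "token-carol": {"sub": "carol", "roles": ["reader"]},
}


def fetch_userinfo(token):
    """Stand-in for calling the UserInfo endpoint with the presented token."""
    try:
        return dict(USERINFO_BY_TOKEN[token])
    except KeyError:
        raise PermissionError("token rejected by UserInfo endpoint")


class VulnerableAuthCache:
    """Keeps ONE cached context for the whole process.

    The first token resolved after startup fills the slot; every later caller,
    whatever token they present, receives that same context. This is the shape
    of an 'excessive caching' bug: the cache is not keyed on the credential.
    """

    def __init__(self):
        self._cached = None

    def resolve(self, token):
        if self._cached is None:
            self._cached = fetch_userinfo(token)
        return dict(self._cached)


class HardenedAuthCache:
    """Keys the cache on a digest of the credential.

    A cached entry is only returned to a caller presenting the same token, so
    a second user after restart always triggers their own UserInfo lookup.
    """

    def __init__(self):
        self._entries = {}

    def resolve(self, token):
        key = hashlib.sha256(token.encode("utf-8")).hexdigest()
        ctx = self._entries.get(key)
        if ctx is None:
            ctx = fetch_userinfo(token)
            self._entries[key] = ctx
        return dict(ctx)


def check_isolation(cache_factory, logins):
    """Simulate a fresh start, then a sequence of logins.

    `logins` is a list of (token, expected_subject). Returns the list of
    subjects whose resolved context did not match their own token, i.e. the
    users who inherited someone else's context. An empty list means isolated.
    """
    cache = cache_factory()  # a brand-new cache stands in for a just-restarted service
    leaked = []
    for token, expected_sub in logins:
        ctx = cache.resolve(token)
        if ctx["sub"] != expected_sub:
            leaked.append(expected_sub)
    return leaked


def run_both_orders(cache_factory):
    """Run the check with two login orders, so a bug that depends on who logs
    in first is still caught. Returns a dict of order name -> leaked subjects."""
    forward = [("token-alice", "alice"), ("token-bob", "bob"), ("token-carol", "carol")]
    reverse = list(reversed(forward))
    return {
        "alice_first": check_isolation(cache_factory, forward),
        "carol_first": check_isolation(cache_factory, reverse),
    }


if __name__ == "__main__":
    for name, factory in (("vulnerable", VulnerableAuthCache), ("hardened", HardenedAuthCache)):
        print(name, run_both_orders(factory))
```

Against a live deployment the equivalent check is procedural rather than code: restart the service, sign in as two different SSO users in sequence, and confirm that the server reports each user's own identity and roles (for Neo4j, the Cypher command `SHOW CURRENT USER` returns the identity the server has bound to the session). Repeating the check with the login order reversed matters, because a first-login-wins defect only shows up for whoever is not first.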

Evidence notes

This debrief is based only on the supplied CVE description, NVD metadata, and the referenced Neo4j security advisory. The supplied record lists the CVE as published on 2026-03-11 and modified on 2026-03-12, with NVD status shown as undergoing analysis. The vendor attribution in the provided metadata is low confidence/needs review, but the referenced advisory URL points to Neo4j and the description explicitly names Neo4j Enterprise edition. No exploit details or unsupported impact claims were used.

Official resources

Publicly disclosed on 2026-03-11 and updated on 2026-03-12. The supplied advisory reference points to Neo4j’s security page, and the fix versions listed in the source are 2026.01.4 and 5.26.22.