CVE-2026-1497
2026-03-11
3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6
Lifecycle Timeline
2
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 11, 2026 - 16:16 nvd
N/A
Description
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario: an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any local database or remote alias called "name". If such database or alias doesn't exist when the command is run, the privileges will apply if it's created in the future.
Analysis
Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition versions up to 2026.02 is affected by incorrect authorization.
Sign in for full analysis, threat intelligence, and remediation guidance.
Priority Score
0
Low
Medium
High
Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).