Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
There is a cypher injection issue in LogonTracer prior to v2.0.0. If specially crafted Windows event log data is loaded, the contents of the database may be altered.
AnalysisAI
Cypher injection in LogonTracer prior to v2.0.0 allows remote attackers to alter database contents by submitting specially crafted Windows event log data. The vulnerability requires user interaction to load the malicious log data but results in integrity compromise of the underlying database due to improper input sanitization in Cypher query construction.
Technical ContextAI
LogonTracer is a Windows event log analysis tool that parses security event logs and stores data in a graph database (likely Neo4j based on Cypher injection classification). The vulnerability exists in the event log import mechanism where user-supplied data from Windows event logs is incorporated into Cypher queries without proper escaping or parameterized query construction. CWE-943 (Improper Neutralization of Special Elements in Data Query Logic) identifies the root cause: unsanitized event log field values are concatenated directly into Cypher query syntax, allowing attackers to inject arbitrary Cypher commands. CPE indicates this affects all versions of LogonTracer prior to 2.0.0.
RemediationAI
Upgrade LogonTracer to version 2.0.0 or later, which addresses the cypher injection vulnerability. For organizations unable to immediately upgrade, restrict access to the LogonTracer import function to trusted administrators only and implement file integrity monitoring on event log sources to detect unauthorized modifications before import. Validate and sanitize all imported event log data by pre-processing logs through a separate tool that strips or escapes special characters used in Cypher syntax (e.g., quotes, brackets, colons) before loading into LogonTracer. Detailed remediation guidance is available from the JPCERT/CC advisory at https://www.jpcert.or.jp/press/2026/PR20260423.html and the Japan Vulnerability Notes (JVN) entry at https://jvn.jp/en/jp/JVN57877356/.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-25742