{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-22T10:06:45.827","vulnerabilities":[{"cve":{"id":"CVE-2026-1471","sourceIdentifier":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","published":"2026-03-11T17:16:54.160","lastModified":"2026-03-12T21:08:22.643","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). \nWe recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed."},{"lang":"es","value":"El almacenamiento en caché excesivo del contexto de autenticación en versiones de Neo4j Enterprise edition anteriores a 2026.01.4 lleva a que los usuarios autenticados hereden el contexto del primer usuario que se autenticó después del reinicio. El problema se limita a ciertas configuraciones no predeterminadas de SSO (punto final UserInfo). \nRecomendamos actualizar a las versiones 2026.01.4 (o 5.26.22) donde el problema está solucionado."}],"metrics":{"cvssMetricV40":[{"source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:Clear","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"PRESENT","privilegesRequired":"LOW","userInteraction":"PASSIVE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NO","Recovery":"USER","valueDensity":"DIFFUSE","vulnerabilityResponseEffort":"LOW","providerUrgency":"CLEAR"}}]},"weaknesses":[{"source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6","type":"Secondary","description":[{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://neo4j.com/security/CVE-2026-1471","source":"3b236295-4ccd-4a1f-a1c1-a72eecc8d7b6"}]}}]}