CVE-2026-1497 in Enterprise Editioninfo

Summary

by MITRE • 03/11/2026

Incorrect resolving of namespaces in composite databases in Neo4j Enterprise edition prior to versions 2026.02 and 5.26.22 can lead to the following scenario:  an admin that intends to give a user an access to a remote database constituent "namespace.name" will inadvertently grant access to any local database or remote alias called "name". If such database or alias doesn't exist when the command is run, the privileges will apply if it's created in the future.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/17/2026

The vulnerability described in CVE-2026-1497 represents a critical namespace resolution flaw within Neo4j Enterprise Edition's composite database access control mechanism. This issue affects versions prior to 2026.02 and 5.26.22, creating a significant security risk through improper privilege assignment during database access control operations. The flaw stems from how Neo4j handles namespace resolution when managing access permissions for composite databases, specifically when administrators attempt to grant access to remote database constituents using the format "namespace.name".

The technical implementation of this vulnerability manifests when administrators execute commands to grant user access to specific database constituents. The system incorrectly interprets the namespace resolution process, causing access permissions intended for a specific remote database called "namespace.name" to be improperly applied to any local database or remote alias named "name". This misinterpretation occurs at the privilege assignment level where the system fails to properly distinguish between the fully qualified namespace path and the simple name component. The vulnerability becomes particularly dangerous because it operates at the access control layer, where the system's authorization logic incorrectly processes the namespace components, leading to over-privileged access scenarios.

The operational impact of this vulnerability extends beyond simple access control bypasses and creates persistent security risks that can be exploited by both malicious actors and privileged insiders. When an administrator issues a grant command for "namespace.name", the system erroneously applies the privileges to any database or alias named "name" that exists locally or might be created in the future. This creates a temporal security gap where newly created databases or aliases automatically inherit the unintended privileges, effectively bypassing the intended access control boundaries. The vulnerability essentially allows for privilege escalation through namespace confusion, where legitimate administrative operations inadvertently create security holes in the database access control system.

This flaw aligns with CWE-284 Access Control Issues, specifically addressing improper access control through incorrect privilege assignment and namespace resolution. The vulnerability also maps to ATT&CK technique T1078 Valid Accounts, as it enables unauthorized access to database resources through legitimate administrative commands that are misinterpreted by the system. Additionally, it relates to T1566 Impersonation by exploiting the system's trust in administrative operations to create unauthorized access paths. Organizations implementing composite database architectures in Neo4j Enterprise Edition face significant risk of privilege escalation attacks, as the vulnerability allows for creation of access paths that bypass normal security boundaries. The issue is particularly concerning in environments where multiple databases and aliases are managed, as the scope of potential impact increases with system complexity.

Mitigation strategies should focus on immediate patching to versions 2026.02 and 5.26.22 where the namespace resolution logic has been corrected. Administrators should conduct comprehensive audits of existing access control configurations to identify and correct any inadvertently granted privileges that may have been affected by this vulnerability. The system should be configured to enforce strict namespace validation during privilege assignment operations, ensuring that fully qualified names are properly resolved before access permissions are applied. Organizations should implement monitoring for anomalous access control changes and establish procedures for regular privilege reviews to detect any unauthorized access patterns that might have resulted from this vulnerability. Additionally, security teams should consider implementing network segmentation and additional access controls to limit the impact of potential exploitation, while ensuring that all administrative operations involving namespace resolution are properly logged and audited for security compliance.

Responsible

Neo4j

Reservation

01/27/2026

Disclosure

03/11/2026

Moderation

accepted

CPE

ready

EPSS

0.00235

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!