CVE-2026-1471 is a security vulnerability classified under CWE-863 (Incorrect Authorization) affecting Neo4j Enterprise edition versions prior to 2026.01.4, specifically versions 2025.01 and 4.4.0. The root cause is excessive caching of the authentication context when using certain non-default Single Sign-On (SSO) configurations that rely on the UserInfo endpoint. After a Neo4j server restart, the first user to authenticate establishes an authentication context that is improperly cached and subsequently inherited by other authenticated users. This flaw leads to an authorization bypass where users may gain access to privileges or data associated with the initial authenticated user, violating the principle of least privilege. Exploitation requires the attacker to be an authenticated user with limited privileges and to interact with the system, but no elevated privileges or direct administrative access are necessary. The vulnerability does not affect default SSO configurations and is limited to specific setups. Neo4j has addressed this issue in versions 2026.01.4 and 5.26.22 by correcting the caching mechanism to ensure proper isolation of authentication contexts per user session. There are no known exploits in the wild, and the CVSS v4.0 base score is 2.1, reflecting low severity due to limited impact and exploitation complexity.

The primary impact of CVE-2026-1471 is unauthorized access due to incorrect authorization context caching. Affected organizations using Neo4j Enterprise with vulnerable SSO configurations risk users inheriting the privileges of the first authenticated user after a restart, potentially exposing sensitive graph data or administrative functions. This could lead to data confidentiality breaches or unauthorized data manipulation. However, the impact is mitigated by the requirement for the attacker to be an authenticated user and the vulnerability’s limitation to non-default SSO configurations. The flaw could disrupt trust in access controls and complicate compliance with data protection regulations. While no widespread exploitation is reported, organizations with critical Neo4j deployments, especially those relying on SSO for authentication, should consider the risk significant enough to warrant prompt remediation to avoid privilege escalation scenarios.

To mitigate CVE-2026-1471, organizations should immediately upgrade Neo4j Enterprise edition to version 2026.01.4 or 5.26.22 where the vulnerability is fixed. Until upgrading, administrators should review and avoid using the affected non-default SSO UserInfo endpoint configurations or disable SSO if feasible. Implement strict session management and monitor authentication logs for unusual patterns post-restart. Employ network segmentation and access controls to limit the exposure of Neo4j instances to only trusted users. Additionally, conduct regular audits of user privileges and authentication mechanisms to detect any anomalies. Organizations should also ensure that restart procedures are controlled and monitored to reduce the window of risk. Finally, maintain up-to-date backups and incident response plans tailored to potential unauthorized access scenarios.