CVE-2026-1471: CWE-863 Incorrect Authorization in Neo4j Enterprise edition
Excessive caching of authentication context in Neo4j Enterprise edition versions prior to 2026.01.4 leads to authenticated users inheriting the context of the first user who authenticated after restart. The issue is limited to certain non-default configurations of SSO (UserInfo endpoint). We recommend upgrading to versions 2026.01.4 (or 5.26.22) where the issue is fixed.
AI Analysis
Technical Summary
CVE-2026-1471 is an incorrect authorization vulnerability (CWE-863) identified in Neo4j Enterprise edition prior to version 2026.01.4. The root cause is excessive caching of the authentication context when using certain non-default Single Sign-On (SSO) configurations, specifically those involving the UserInfo endpoint. After a Neo4j server restart, the authentication context of the first user to authenticate is cached excessively and subsequently inherited by other authenticated users. This means that subsequent users may gain access rights or privileges associated with the initial user session, leading to potential unauthorized access or privilege escalation within the database environment. The vulnerability requires that users be authenticated and interact with the system, and it does not affect default configurations. The CVSS 4.0 score is 2.1, reflecting low severity due to limited impact and exploitation complexity. Neo4j has addressed this issue in versions 2026.01.4 and 5.26.22 by correcting the caching mechanism to ensure proper isolation of authentication contexts. No public exploits have been reported to date, but the flaw poses a risk in environments using the affected SSO configurations.
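An added, hypothetical Python model of the bug class described above (not Neo4j's code; the advisory does not describe its internals): a UserInfo-backed authentication cache that fills a single slot on the first login after restart and hands that context to every later user, beside a version keyed on the presented token, plus a check a defender can run to confirm contexts stay isolated. FAKE_USERINFO, the class names and the tokens are constructed for the example.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthContext:
    subject: str
    roles: frozenset

# Constructed stand-in for the identity provider's UserInfo endpoint (token -> claims).
FAKE_USERINFO = {
    "tok-alice": {"sub": "alice", "roles": ["admin"]},
    "tok-bob": {"sub": "bob", "roles": ["reader"]},
}

def fetch_userinfo(token: str) -> dict:
    """Validate the token with the (fake) UserInfo endpoint and return its claims."""
    if token not in FAKE_USERINFO:
        raise PermissionError("token rejected by UserInfo endpoint")
    return FAKE_USERINFO[token]

class VulnerableAuthenticator:
    """Hypothetical bug model: one process-wide slot populated on the first login."""
    def __init__(self):
        self._cached = None  # empty immediately after (re)start

    def authenticate(self, token: str) -> AuthContext:
        claims = fetch_userinfo(token)          # the token itself is still validated...
        if self._cached is None:
            self._cached = AuthContext(claims["sub"], frozenset(claims["roles"]))
        return self._cached                     # ...but everyone inherits the first context

class FixedAuthenticator:
    """Cache keyed on a hash of the presented token, so each principal gets its own context."""
    def __init__(self):
        self._cache = {}

    def authenticate(self, token: str) -> AuthContext:
        key = hashlib.sha256(token.encode()).hexdigest()
        if key not in self._cache:
            claims = fetch_userinfo(token)
            self._cache[key] = AuthContext(claims["sub"], frozenset(claims["roles"]))
        return self._cache[key]

def contexts_isolated(authenticator) -> bool:
    """Defender's check: after a first login, does a second user receive their own context?"""
    authenticator.authenticate("tok-alice")     # first login after restart (admin)
    ctx = authenticator.authenticate("tok-bob")
    return ctx.subject == "bob" and "admin" not in ctx.roles
```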
Potential Impact
The primary impact of CVE-2026-1471 is unauthorized access due to improper handling of the authorization context. In affected Neo4j Enterprise environments, an authenticated user could inherit the privileges of another user, potentially gaining elevated rights or access to sensitive data. This could lead to breaches of data confidentiality, unauthorized data modification, or disruption of database integrity. Although the vulnerability requires authentication and user interaction, the risk is significant in multi-tenant or shared environments where users hold differing privilege levels. Organizations relying on Neo4j for critical data analytics, identity management, or business intelligence could face operational risks and compliance issues if unauthorized access occurs. The limited scope (specific SSO configurations only) reduces the overall attack surface but does not eliminate the risk in affected deployments. The absence of known exploits reduces the immediate threat but does not preclude future exploitation attempts.
Mitigation Recommendations
To mitigate CVE-2026-1471, organizations should upgrade Neo4j Enterprise edition to version 2026.01.4 or 5.26.22, where the vulnerability is fixed. Until the upgrade is applied, review and restrict the use of non-default SSO configurations involving the UserInfo endpoint to trusted users only. Implement strict session management and monitor authentication logs for anomalies indicating privilege inheritance, such as a user's effective roles not matching the roles assigned to that account. Employ network segmentation and access controls to limit exposure of Neo4j instances to only necessary users and systems. Conduct regular audits of user privileges and authentication mechanisms to detect potential misuse. Additionally, consider disabling or temporarily avoiding the affected SSO configurations if feasible. Maintain up-to-date backups and incident response plans to quickly address any unauthorized access incidents. Finally, stay informed on Neo4j security advisories for any further updates or patches.
Affected Countries
United States, Germany, United Kingdom, France, Japan, South Korea, Australia, Canada, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Neo4j
- Date Reserved: 2026-01-27T09:09:22.753Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 69b19f882f860ef9434a76b4
Added to database: 3/11/2026, 4:59:52 PM
Last enriched: 3/11/2026, 5:16:46 PM
Last updated: 3/13/2026, 7:35:18 PM