PT-2026-6724 · Neo4J · Neo4J

Joakim Bülow

Publicado

2026-02-06

Atualizado

2026-02-26

CVE-2026-1337

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Neo4j versions prior to 2026.01

Description A lack of proper unicode character escaping in the query log functionality can result in cross-site scripting (XSS) if logs are opened in a tool that interprets them as HTML. The issue is present in both Neo4j Enterprise and Community editions. While there is no direct security impact to Neo4j products, the advisory suggests treating logs as plain text.

Recommendations Update to version 2026.01 or later. Treat query logs as plain text if using versions prior to 2026.01.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-117

Identificadores relacionados

BIT-NEO4J-2026-1337

CVE-2026-1337

GHSA-XR72-G735-4VWP

Produtos afetados

Neo4J

PT-2026-6724 · Neo4J · Neo4J

CVE-2026-1337

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7