CVE-2026-1524
SSO Authorization Bypass in Neo4j Enterprise via OIDC Misconfiguration

Publication date: 2026-03-11

Last updated on: 2026-03-11

Assigner: Neo4j

Description
An edge case in the SSO implementation of Neo4j Enterprise edition versions prior to 2026.02 can lead to unauthorised access under the following conditions: if a Neo4j admin configures two or more OIDC providers AND configures one or more of them to be an authorization provider AND configures one or more of them to be authentication-only, then those that are authentication-only will also provide authorization. This edge case becomes a security problem only if the authentication-only provider contains groups which have higher privileges than those provided by the intended (configured) authorization provider. When using multiple plugins for authentication and authorisation, prior to the fix the issue could lead to a plugin configured to provide only authentication or authorisation capabilities erroneously providing both. We recommend upgrading to version 2026.02 (or 5.26.22), where the issue is fixed.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-11
EPSS evaluated: 2026-05-05
Affected Vendors & Products
Vendor   Product      Version / Range
neo4j    enterprise   up to 2026.02 (excluding)
neo4j    enterprise   up to 5.26.22 (excluding)
CWE ID    Description
CWE-287 When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-1524 is a security vulnerability in the Single Sign-On (SSO) implementation of Neo4j Enterprise edition versions prior to 2026.02. It occurs when a Neo4j administrator configures two or more OpenID Connect (OIDC) providers, assigning some as authorization providers and others as authentication-only providers.

Due to an edge case, the authentication-only providers incorrectly also grant authorization capabilities. This means that providers intended only to verify identity can also grant access rights.

This misconfiguration can lead to unauthorized access if the authentication-only provider includes user groups with higher privileges than those assigned by the intended authorization provider.

The vulnerability specifically affects setups using multiple plugins for authentication and authorization, where a plugin intended to provide only one capability erroneously provides both, potentially escalating privileges beyond what was intended.


How can this vulnerability impact me?

This vulnerability can lead to unauthorized access in your Neo4j Enterprise environment.

If an authentication-only provider mistakenly grants authorization, users or groups may gain higher privileges than intended.

This privilege escalation can compromise the security of your data and systems by allowing users to perform actions they should not be authorized to do.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, it is recommended to upgrade Neo4j Enterprise edition to version 2026.02 or later, where the issue is fixed.

Additionally, review your configuration of OpenID Connect (OIDC) providers to ensure that authentication-only providers are not inadvertently granting authorization capabilities, especially if they include groups with higher privileges.
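The configuration review suggested above can be scripted. The following is an added example written for this page, not Neo4j's own tooling: it parses a neo4j.conf and reports whether the OIDC provider split matches the three conditions the advisory names (two or more OIDC providers, at least one used for authorization, at least one used for authentication only). The setting names dbms.security.authentication_providers, dbms.security.authorization_providers and dbms.security.oidc.<name>.claims.groups are taken from Neo4j's documented configuration (an assumption to verify against your release); both sample config files are constructed for this example.

```python
# Added example (not Neo4j's code): flag the OIDC provider split that
# CVE-2026-1524's advisory names as its precondition. Setting names follow
# Neo4j's documented dbms.security.* keys (assumption: verify for your
# release); the two sample configs are constructed for this example.
from typing import Dict, List, Tuple

CONSTRUCTED_RISKY_CONF = """\
# constructed sample: okta is the intended authorization provider, azure is
# meant to be authentication-only, native is kept for local accounts
dbms.security.authentication_providers=oidc-okta,oidc-azure,native
dbms.security.authorization_providers=oidc-okta,native
dbms.security.oidc.okta.claims.groups=groups
dbms.security.oidc.okta.authorization.group_to_role_mapping="neo4j-readers"=reader
dbms.security.oidc.azure.claims.groups=groups
"""

CONSTRUCTED_SAFE_CONF = """\
# constructed sample: a single OIDC provider, so the advisory's condition
# (two or more providers with a mixed split) cannot arise
dbms.security.authentication_providers=oidc-okta,native
dbms.security.authorization_providers=oidc-okta,native
dbms.security.oidc.okta.claims.groups=groups
"""


def parse_conf(text: str) -> Dict[str, str]:
    """Minimal key=value parser for neo4j.conf. Splits on the first '=' so
    values that themselves contain '=' (group-to-role mappings) survive."""
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def _csv(value: str) -> List[str]:
    return [item.strip() for item in value.split(",") if item.strip()]


def oidc_split(settings: Dict[str, str]) -> Tuple[List[str], List[str], List[str]]:
    """Return (all OIDC providers, OIDC authorization providers,
    OIDC authentication-only providers). OIDC providers are the 'oidc-'
    prefixed entries of the two provider lists."""
    authn = [p for p in _csv(settings.get("dbms.security.authentication_providers", ""))
             if p.startswith("oidc-")]
    authz = [p for p in _csv(settings.get("dbms.security.authorization_providers", ""))
             if p.startswith("oidc-")]
    all_oidc = sorted(set(authn) | set(authz))
    authn_only = [p for p in authn if p not in authz]
    return all_oidc, authz, authn_only


def matches_advisory_condition(settings: Dict[str, str]) -> bool:
    """True exactly when the advisory's three conditions hold together."""
    all_oidc, authz, authn_only = oidc_split(settings)
    return len(all_oidc) >= 2 and len(authz) >= 1 and len(authn_only) >= 1


def report(conf_text: str) -> List[str]:
    """Human-readable findings for one config file."""
    settings = parse_conf(conf_text)
    all_oidc, authz, authn_only = oidc_split(settings)
    lines = [f"OIDC providers: {', '.join(all_oidc) or '(none)'}",
             f"  authorization providers: {', '.join(authz) or '(none)'}",
             f"  authentication-only:     {', '.join(authn_only) or '(none)'}"]
    if matches_advisory_condition(settings):
        lines.append("FINDING: provider split matches the CVE-2026-1524 precondition; "
                     "on Neo4j Enterprise before 2026.02 / 5.26.22 the authentication-only "
                     "providers above also act as authorization providers.")
        for p in authn_only:
            name = p[len("oidc-"):]
            groups_claim = settings.get(f"dbms.security.oidc.{name}.claims.groups")
            if groups_claim:
                lines.append(f"  {p}: group information (claim '{groups_claim}') from this "
                             "provider is what the advisory warns can carry higher privileges")
    else:
        lines.append("OK: the advisory's mixed-provider condition is not present")
    return lines


if __name__ == "__main__":
    import sys
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else CONSTRUCTED_RISKY_CONF
    print("\n".join(report(conf)))
```

Run it as `python check_oidc_split.py /path/to/neo4j.conf`; without an argument it evaluates the constructed risky sample. A FINDING only means the advisory's precondition is present; whether it is exploitable still depends on the groups the authentication-only provider returns and on the server version, so the fix remains the upgrade the advisory names.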

