CVE-2026-35402
Bypass of Read-Only Enforcement via APOC in mcp-neo4j-cypher
Publication date: 2026-04-17
Last updated on: 2026-04-17
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neo4j | mcpc-neo4j-cypher | to 0.6.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in mcp-neo4j-cypher, an MCP server used to execute Cypher queries on Neo4j databases. In versions before 0.6.0, the enforcement of read_only mode can be bypassed by using APOC CALL procedures. This bypass allows unauthorized write operations or server-side request forgery, meaning attackers could perform actions that should be restricted.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized write operations on your Neo4j database through the MCP server. It could also enable server-side request forgery, potentially leading to further exploitation or unauthorized access to internal resources. Essentially, it compromises the integrity and security of your database operations.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade mcp-neo4j-cypher to version 0.6.0 or later, where the read_only mode enforcement bypass issue is fixed.