21 matches found
Authorization Bypass
mcp-neo4j-cypher is vulnerable to Authorization Bypass. The vulnerability is due to the readonly mode enforcement being bypassable using APOC CALL procedures, where unauthorized write operations or server-side request forgery can occur and attackers can exploit this to gain unauthorized access...
EUVD-2026-23518
Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402
The CVE concerns mcp-neo4j-cypher (MCP server) where, in versions before 0.6.0, enforcement of read_only mode can be bypassed via APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This is mitigated by upgrading to version 0.6.0, which fixes t...
CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
DNS Rebinding
Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames, and attackers can lure users to a malicious website that rebinding succeeds on to bypass Same-Origin Policy and invoke tools against local Neo4j instances...
EUVD-2024-1703
Malicious code in bioql PyPI...
EUVD-2025-28908
Malicious code in bioql PyPI...
CVE-2025-10193
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
Origin Validation Error
Overview mcp-neo4j-cypher is an A simple Neo4j MCP server Affected versions of this package are vulnerable to Origin Validation Error via the lack of proper origin validation in the server's request handling. An attacker can execute unauthorized tool invocations against locally running instances ...
GHSA-VCQX-V2MG-7CHX Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
Neo4j Cypher MCP server is vulnerable to DNS rebinding
Impact DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...
CVE-2025-10193
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
CVE-2025-10193
CVE-2025-10193 : DNS rebinding vulnerability in the Neo4j Cypher MCP server allows a malicious website to bypass Same-Origin Policy and trigger unauthorised local tool invocations. The attack relies on a user visiting a crafted site for enough time to succeed. Public details indicate impact on th...
PT-2025-37184
Name of the Vulnerable Software and Affected Versions: Neo4j Cypher MCP server affected versions not specified Description: A DNS rebinding issue exists in the Neo4j Cypher MCP server. This allows malicious websites to circumvent Same-Origin Policy protections and execute unauthorized tool...
BIT-NEO4J-2024-34517
The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...
com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.1.0 <=2.1.0-RC2), io.github.qsy7.java.dependencies:neo4j (=0.3.3) +29 more potentially affected by CVE-2024-34517 via org.neo4j:neo4j-cypher (>=5.10.0 <=5.18.1)
org.neo4j:neo4j-cypher MAVEN version =5.10.0, =2.1.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.1, =5.18.0 and more Source cves: CVE-2024-34517 Source advisory: OSV:GHSA-P343-9QWP-PQXV...