Lucene search
K

21 matches found

Veracode
Veracode
added 2026/04/18 5:38 a.m.9 views

Authorization Bypass

mcp-neo4j-cypher is vulnerable to Authorization Bypass. The vulnerability is due to the readonly mode enforcement being bypassable using APOC CALL procedures, where unauthorized write operations or server-side request forgery can occur and attackers can exploit this to gain unauthorized access...

2.3CVSS5.3AI score0.00264EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/04/17 9:30 p.m.6 views

EUVD-2026-23518

Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
NVD
NVD
added 2026/04/17 9:16 p.m.8 views

CVE-2026-35402

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/17 8:34 p.m.27 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS0.00264EPSS
Exploits0References2
CVE
CVE
added 2026/04/17 8:34 p.m.25 views

CVE-2026-35402

The CVE concerns mcp-neo4j-cypher (MCP server) where, in versions before 0.6.0, enforcement of read_only mode can be bypassed via APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This is mitigated by upgrading to version 0.6.0, which fixes t...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/17 8:34 p.m.6 views

CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures

mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...

2.3CVSS5.7AI score0.00264EPSS
Exploits0References2
Veracode
Veracode
added 2025/10/22 10:10 a.m.4 views

DNS Rebinding

Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames, and attackers can lure users to a malicious website that rebinding succeeds on to bypass Same-Origin Policy and invoke tools against local Neo4j instances...

7.4CVSS6.4AI score0.00206EPSS
Exploits0References7Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-1703

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00625EPSS
Exploits0References7
EUVD
EUVD
added 2025/10/03 8:7 p.m.24 views

EUVD-2025-28908

Malicious code in bioql PyPI...

7.4CVSS6.4AI score0.00206EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/09/13 2:20 p.m.7 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

7.4CVSS6.9AI score0.00206EPSS
Exploits0References1
Snyk
Snyk
added 2025/09/11 11:26 p.m.5 views

Origin Validation Error

Overview mcp-neo4j-cypher is an A simple Neo4j MCP server Affected versions of this package are vulnerable to Origin Validation Error via the lack of proper origin validation in the server's request handling. An attacker can execute unauthorized tool invocations against locally running instances ...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References2
OSV
OSV
added 2025/09/11 11:26 p.m.4 views

GHSA-VCQX-V2MG-7CHX Neo4j Cypher MCP server is vulnerable to DNS rebinding

Impact DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/09/11 11:26 p.m.15 views

Neo4j Cypher MCP server is vulnerable to DNS rebinding

Impact DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spen...

7.4CVSS6.8AI score0.00206EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2025/09/11 2:15 p.m.7 views

CVE-2025-10193

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

7.4CVSS5.8AI score0.00206EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/09/11 2:5 p.m.23 views

CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

7.4CVSS0.00206EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 2:5 p.m.2 views

CVE-2025-10193 Neo4j Cypher MCP server is vulnerable to DNS rebinding attacks

DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...

7.4CVSS6.5AI score0.00206EPSS
Exploits0References3
CVE
CVE
added 2025/09/11 2:5 p.m.15 views

CVE-2025-10193

CVE-2025-10193 : DNS rebinding vulnerability in the Neo4j Cypher MCP server allows a malicious website to bypass Same-Origin Policy and trigger unauthorised local tool invocations. The attack relies on a user visiting a crafted site for enough time to succeed. Public details indicate impact on th...

7.4CVSS6.5AI score0.00206EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.13 views

PT-2025-37184

Name of the Vulnerable Software and Affected Versions: Neo4j Cypher MCP server affected versions not specified Description: A DNS rebinding issue exists in the Neo4j Cypher MCP server. This allows malicious websites to circumvent Same-Origin Policy protections and execute unauthorized tool...

7.4CVSS6AI score0.00206EPSS
Exploits0References10
OSV
OSV
added 2025/03/12 7:15 a.m.8 views

BIT-NEO4J-2024-34517

The Cypher component in Neo4j 5.0.0 through 5.18 mishandles IMMUTABLE privileges in some situations where an attacker already has admin access...

6.5CVSS6.4AI score0.00625EPSS
Exploits0References5
vulnersOsv
vulnersOsv
added 2024/05/07 6:30 p.m.5 views

com.buschmais.jqassistant.cli:jqassistant-commandline-neo4jv5 (>=2.1.0 <=2.1.0-RC2), io.github.qsy7.java.dependencies:neo4j (=0.3.3) +29 more potentially affected by CVE-2024-34517 via org.neo4j:neo4j-cypher (>=5.10.0 <=5.18.1)

org.neo4j:neo4j-cypher MAVEN version =5.10.0, =2.1.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.0, =5.10.1, =5.18.0 and more Source cves: CVE-2024-34517 Source advisory: OSV:GHSA-P343-9QWP-PQXV...

6.5CVSS6.8AI score0.00625EPSS
Exploits0
Rows per page
Query Builder