178 matches found
EUVD-2026-23518
Neo4j Labs MCP Servers: SSRF and Data Modification via readonly Mode Bypass Through CALL Procedures...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402 mcp-neo4j-cypher: SSRF and Data Modification via read_only Mode Bypass Through CALL Procedures
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402
mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the readonly mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in...
CVE-2026-35402
The CVE concerns mcp-neo4j-cypher (MCP server) where, in versions before 0.6.0, enforcement of read_only mode can be bypassed via APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This is mitigated by upgrading to version 0.6.0, which fixes t...
PT-2026-33508
Name of the Vulnerable Software and Affected Versions mcp-neo4j-cypher versions prior to 0.6.0 Description The read only mode enforcement can be bypassed using APOC CALL procedures. This may allow unauthorized write operations or server-side request forgery, which is a technique where an attacker...
Improper Neutralization of Special Elements in Data Query Logic
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic through the GraphCypherQAChain request handling and graph.query execution path in GraphCypherQAChain.ts. An attacker can force...
GHSA-28G4-38Q8-3CWC Flowise: Cypher Injection in GraphCypherQAChain
Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...
Flowise: Cypher Injection in GraphCypherQAChain
Summary The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. An attacker can inject arbitrary Cypher commands that are executed on the underlying Neo4j database, enabling data exfiltration, modification, or deletio...
PT-2026-34755
Name of the Vulnerable Software and Affected Versions Flowise versions prior to 3.1.0 Description The GraphCypherQAChain node forwards user-provided input directly into the Cypher query execution pipeline without proper sanitization. This allows an attacker to inject arbitrary Cypher commands tha...
Spring AI 1.0.x < 1.0.5 / 1.1.x < 1.1.4 Multiple Vulnerabilities
The version of Spring AI installed on the remote host is 1.0.x prior to 1.0.5 or 1.1.x prior to 1.1.4. It is, therefore, affected by multiple vulnerabilities, including: - A SpEL injection vulnerability exists in SimpleVectorStore when a user-supplied value is used as a filter expression key. A...
CVE-2026-22743
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
GHSA-7CJ7-RCW6-P68V Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
EUVD-2026-16539
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
Spring AI has a Cypher Injection vulnerability in Neo4jVectorFilterExpressionConverter
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743 Server-Side Request Forgery via Filter Expression Keys in Neo4jVectorStore
Spring AI's spring-ai-neo4j-store contains a Cypher injection vulnerability in Neo4jVectorFilterExpressionConverter. When a user-controlled string is passed as a filter expression key in Neo4jVectorFilterExpressionConverter of spring-ai-neo4j-store, doKey embeds the key into a backtick-delimited...
CVE-2026-22743
CVE-2026-22743 affects Spring AI’s spring-ai-neo4j-store, specifically the Cypher injection in the Neo4jVectorFilterExpressionConverter. A user-controlled string used as a filter expression key is embedded into a backtick-delimited Cypher property accessor (node.metadata.) after stripping only do...