Neo4j < 5.26.21 Information Disclosure Vulnerability (CVE-2026-1622)

According to its self-reported version number, the version of Neo4j running on the remote host is a version prior to 5.26.21. It is, therefore, affected by a information disclosure vulnerability where The obfuscateliterals option in the query logs does not redact error information, exposing...

Insertion of Sensitive Information into Log File

Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the obfuscateliterals option in query logging. An attacker can access sensitive information by reading unredacted error data in the query logs when queries fail. Notes: This is only...

Neo4j Enterprise and Community vulnerable to a potential information disclosure

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...

CVE-2026-1622 Unredacted data exposure in query.log

Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obfuscateliterals" option in the query logs does not redact error information, exposing unredacted dat...