CNNVD-202602-1014 Information

CNNVD ID

CNNVD-202602-1014

CVE-2026-1337

  • CNNVD Published: 2026-02-06

Description

Neo4j is a Java-based, fully ACID-compliant graph database from the US company Neo4j that supports data migration, add-on components, and more. Neo4j Enterprise and Neo4j Community versions before 2026.01 contain a security vulnerability caused by insufficient escaping of Unicode characters in the query log. If a user opens the log in a tool that treats logs as HTML, this may lead to cross-site scripting (XSS).

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Neo4j

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/JoakimBulow/CVE-2026-1337

Patch

https://neo4j.com/
