NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-35402

Summary	mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This issue is fixed in version 0.6.0.
Publication Date	April 18, 2026, 6:16 a.m.
Registration Date	April 19, 2026, 4:08 a.m.
Last Update	April 18, 2026, 6:16 a.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/neo4j-contrib/mcp-neo4j/releases/tag/mcp-neo4j-cypher-v0.6.0	security-advisories@github.com
2	https://github.com/neo4j-contrib/mcp-neo4j/security/advisories/GHSA-x3cv-r3g3-fpg9	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-284	不適切なアクセス制御	https://cwe.mitre.org/data/definitions/284.html