Bypass of Read-Only Mode in MCP Server for Neo4j Databases
CVE-2026-35402

2.3 LOW

Key Information:

Status
Vendor
CVE Published: 17 April 2026

What is CVE-2026-35402?

The mcp-neo4j-cypher product, an MCP server that executes Cypher queries against Neo4j databases, has a critical flaw in versions before 0.6.0. The vulnerability allows attackers to circumvent read-only mode enforcement by invoking APOC procedures through CALL. Exploiting this issue can lead to unauthorized write operations against the database or even server-side request forgery, posing significant risks to data integrity and system security. The problem has been resolved in version 0.6.0, so users should upgrade to that release to safeguard their systems.
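The advisory's root cause is a read-only gate that recognises write clauses but not procedure calls. The following added example (not code from the mcp-neo4j project) contrasts such a naive gate with a deny-by-default one that refuses any CALL to a procedure outside an explicit allow-list; the allow-list contents and the procedure name `apoc.example.writeProc` are constructed for illustration.

```python
import re

# Naive gate of the kind the advisory describes: it only looks for Cypher
# write clauses, so a CALL to a write-capable procedure passes untouched.
WRITE_CLAUSES = re.compile(
    r"\b(CREATE|MERGE|DELETE|DETACH|SET|REMOVE|DROP|LOAD\s+CSV)\b",
    re.IGNORECASE,
)


def naive_is_read_only(query: str) -> bool:
    return WRITE_CLAUSES.search(query) is None


# Stricter gate: procedures are denied unless explicitly allow-listed.
# The allow-list below is an assumption for this example; a real deployment
# would populate it from the procedures it has reviewed as read-only.
READ_ONLY_PROCEDURES = frozenset({"db.labels", "db.schema.visualization"})
# Matches "CALL proc.name" but not "CALL {" subqueries, whose bodies are
# still scanned for write clauses by WRITE_CLAUSES above.
CALL_PATTERN = re.compile(r"\bCALL\s+([A-Za-z_][\w.]*)", re.IGNORECASE)


def strict_is_read_only(query: str) -> bool:
    if WRITE_CLAUSES.search(query):
        return False
    for proc in CALL_PATTERN.findall(query):
        if proc.lower() not in READ_ONLY_PROCEDURES:
            return False  # unknown procedure: fail closed
    return True


# Constructed sample queries; the apoc procedure name is hypothetical.
SAMPLES = {
    "MATCH (n:Person) RETURN n.name": (True, True),
    "CALL db.labels() YIELD label RETURN label": (True, True),
    "CALL apoc.example.writeProc('x') YIELD node RETURN node": (True, False),
    "CREATE (n:Person {name: 'x'}) RETURN n": (False, False),
}

if __name__ == "__main__":
    for query, (naive, strict) in SAMPLES.items():
        assert (naive_is_read_only(query), strict_is_read_only(query)) == (naive, strict)
        print(f"naive={naive!s:5} strict={strict!s:5}  {query}")
```

String filtering is defence in depth only; the database itself enforces read-only when the driver opens a read-mode transaction, and that control should be used alongside any query gate.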

Affected Version(s)

mcp-neo4j < 0.6.0

CVSS V4

Score: 2.3
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published: 17 April 2026
  • Vulnerability Reserved