Neo4j Community and Enterprise edition versions 5.26.0 to 5.26.14 and 2025.1.0 to 2025.10.0 are vulnerable to a potential information leak in the Bolt protocol handshake.
The vulnerability allows an attacker, in some scenarios, to obtain one byte of information from previous connections. The attacker has no control over the information leaked in server responses.
We recommend upgrading to 5.26.15 or 2025.10.1 or above, where the issue is fixed.
The issue is not applicable to AuraDB – Neo4j Fully Managed Cloud Service.
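
To triage self-managed deployments against the ranges above, the following added example (not Neo4j's code) compares versions numerically, so that 2025.9.0 is correctly placed inside the 2025.1.0 to 2025.10.0 range where a string comparison would miss it. The host names, the sample inventory and the tolerance for a trailing `-enterprise` suffix are assumptions.

```python
import re

# Affected ranges (inclusive) and fixed releases, as stated in the advisory.
AFFECTED = [
    ((5, 26, 0), (5, 26, 14), "5.26.15"),
    ((2025, 1, 0), (2025, 10, 0), "2025.10.1"),
]

VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) as ints.

    A trailing suffix such as '-enterprise' is ignored; that inventories
    record versions this way is an assumption of this example.
    """
    match = VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def fixed_release_for(text):
    """Return the fixed release if the version is in an affected range.

    None means only that the version is outside the ranges the advisory lists.
    """
    version = parse_version(text)
    for low, high, fixed in AFFECTED:
        # Tuple comparison is numeric per component: (2025, 9, 0) < (2025, 10, 0).
        if low <= version <= high:
            return fixed
    return None


def triage(inventory):
    """Map host -> fixed release for each affected entry of {host: version}."""
    hits = {host: fixed_release_for(ver) for host, ver in inventory.items()}
    return {host: fixed for host, fixed in hits.items() if fixed is not None}


if __name__ == "__main__":
    # Constructed inventory; host names are hypothetical.
    sample = {"graph-01": "5.26.14", "graph-02": "5.26.15",
              "graph-03": "2025.9.0", "graph-04": "2025.10.0-enterprise"}
    for host, fixed in sorted(triage(sample).items()):
        print(f"{host}: affected, upgrade to {fixed} or above")
```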