CVE-2026-35402 | neo4j-contrib mcp-neo4j up to 0.5.x APOC CALL read_only access control (GHSA-x3cv-r3g3-fpg9)

SecurityVulns

A vulnerability classified as critical has been found in neo4j-contrib mcp-neo4j up to 0.5.x. It affects the function read_only of the component APOC CALL Handler. Manipulating this function leads to improper access controls.

This vulnerability is tracked as CVE-2026-35402. The attack can be initiated remotely. There is no exploit available.

You should upgrade the affected component.