VYPR

Mcp Neo4j

by Neo4j Contrib

Source repositories

CVEs (3)

  • CVE-2025-56406HigSep 10, 2025
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in mcp-neo4j 0.3.0 allowing attackers to obtain sensitive information or execute arbitrary commands via the SSE service. NOTE: the Supplier's position is that authentication is not mandatory for MCP servers, and the mcp-neo4j MCP server is only intended…

  • CVE-2025-10193HigSep 11, 2025
    risk 0.41cvss epss 0.00

    DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious…

  • CVE-2026-35402LowApr 17, 2026
    risk 0.15cvss epss 0.00

    mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentially allowing unauthorized write operations or server-side request forgery. This…