Skip to main content

Graphiti CVE-2026-32247

HIGH
Improper Neutralization of Special Elements in Data Query Logic (CWE-943)
2026-03-12 security-advisories@github.com GHSA-gg5m-55jj-8m5g
8.1
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
8.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
PoC Detected
Mar 18, 2026 - 14:38 vuln.today
Public exploit code
Analysis Generated
Mar 12, 2026 - 19:57 vuln.today
CVE Published
Mar 12, 2026 - 19:16 nvd
HIGH 8.1

DescriptionGitHub Advisory

Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the label-injection issue because it used parameterized label handling rather than string-interpolated Cypher labels. This issue was mitigated in 0.28.2.

AnalysisAI

High severity vulnerability in Graphiti. #

Technical ContextAI

Vulnerability Type: Improper Neutralization of Special Elements in Data Query Logic (CWE-943) CVSS 3.1: 8.1/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: Low | User Interaction: None Attack Techniques: Authentication Bypass Source: https://github.com/getzep/graphiti Authentication bypass allows attackers to access protected resources without valid credentials.

RemediationAI

Patches available:

  • https://github.com/getzep/graphiti/pull/1312
  • https://github.com/getzep/graphiti/commit/7d65d5e77e89a199a62d737634eaa26dbb04d037

Security advisories:

  • https://github.com/getzep/graphiti/security/advisories/GHSA-gg5m-55jj-8m5g

Update to the latest patched version as soon as possible.

Share

CVE-2026-32247 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy