Graphiti
CVE-2026-32247
HIGH
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
4DescriptionGitHub Advisory
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the label-injection issue because it used parameterized label handling rather than string-interpolated Cypher labels. This issue was mitigated in 0.28.2.
AnalysisAI
High severity vulnerability in Graphiti. #
Technical ContextAI
Vulnerability Type: Improper Neutralization of Special Elements in Data Query Logic (CWE-943) CVSS 3.1: 8.1/10.0 — Attack Vector: Network | Complexity: Low | Privileges Required: Low | User Interaction: None Attack Techniques: Authentication Bypass Source: https://github.com/getzep/graphiti Authentication bypass allows attackers to access protected resources without valid credentials.
RemediationAI
Patches available:
- https://github.com/getzep/graphiti/pull/1312
- https://github.com/getzep/graphiti/commit/7d65d5e77e89a199a62d737634eaa26dbb04d037
Security advisories:
- https://github.com/getzep/graphiti/security/advisories/GHSA-gg5m-55jj-8m5g
Update to the latest patched version as soon as possible.
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-gg5m-55jj-8m5g