PT-2026-25057 · Getzep+2 · Graphiti+1
Romain-Deperne · Published 2026-03-12 · Updated 2026-03-19
CVE-2026-32247 · CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Graphiti versions prior to 0.28.2
Description: Graphiti, a framework for building and querying temporal context graphs for AI agents, had a Cypher injection issue in the shared search-filter construction used for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments this was exploitable both through direct untrusted access to the Graphiti MCP server and through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values; the MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected because it used parameterized label handling. Successful exploitation could allow arbitrary Cypher execution with the privileges of the configured graph database connection, potentially enabling unauthorized data access, modification, or deletion, and bypassing logical group isolation. The advisory also covers a separate, narrower issue in fulltext search query construction for unvalidated group_ids.
Recommendations: Upgrade to version 0.28.2 or later.
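As an added illustration (not Graphiti's own code), the concatenation pattern the description refers to, placed beside a hardened builder that only lets plain identifiers through before they reach the query text. The regex allowlist and the function names are assumptions chosen for the example, not the project's actual fix.

```python
import re

# Cypher labels are identifiers. This conservative allowlist (letters, digits,
# underscore; must not start with a digit) is an assumption for the example,
# not Graphiti's own validation rule.
_LABEL_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def build_label_filter_unsafe(node_labels: list[str], var: str = "n") -> str:
    """Vulnerable pattern: label values are pasted straight into the query,
    so anything that is not a bare identifier becomes part of the Cypher."""
    return f"({var}:" + "|".join(node_labels) + ")"


def validate_label(label: str) -> str:
    """Reject any value that is not a plain Cypher identifier."""
    if not _LABEL_RE.fullmatch(label):
        raise ValueError(f"invalid node label: {label!r}")
    return label


def is_safe_label(label: str) -> bool:
    """Boolean form of validate_label, convenient for filtering user input."""
    try:
        validate_label(label)
        return True
    except ValueError:
        return False


def build_label_filter_safe(node_labels: list[str], var: str = "n") -> str:
    """Hardened pattern: every label is validated before it touches query text,
    so the expression can only ever contain identifier characters and '|'."""
    if not node_labels:
        raise ValueError("at least one node label is required")
    labels = [validate_label(label) for label in node_labels]
    return f"({var}:" + "|".join(labels) + ")"
```

The same allowlist check applies to any other value (such as a group id) that must be spliced into query text because the driver cannot parameterize it.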

Related Identifiers: CVE-2026-32247, GHSA-GG5M-55JJ-8M5G
Affected Products: Graphiti, Graphiti-Core