Cypher Injection Vulnerability in Graphiti Framework by Getzep
CVE-2026-32247

8.1HIGH

Key Information:

Vendor

Getzep

Status
Graphiti
Vendor
CVE Published:
12 March 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2026-32247?

Graphiti, a framework designed for building and querying temporal context graphs for AI agents, has a significant Cypher injection vulnerability present in versions prior to 0.28.2. The flaw arises in the shared construction of search filters, where attacker-controlled label values supplied through SearchFilters.node_labels are concatenated directly into Cypher label expressions, bypassing necessary validation. This vulnerability is exploitable via direct access to the Graphiti MCP server or through prompt injection on an LLM client, leading to potential manipulation of entity_types values. Affected backends include Neo4j, FalkorDB, and Neptune; however, Kuzu remains secure as it utilizes parameterized label handling. The issue has been addressed in version 0.28.2.

Affected Version(s)

graphiti < 0.28.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2026-32247
Created by romain-deperne

References

https://github.com/getzep/graphiti/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/getzep/graphiti/pull/1312
x_refsource_MISC
https://github.com/getzep/graphiti/commit/7d65d5e77e89a19...
x_refsource_MISC

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.