
CVE Reports

Posted on • Originally published at cvereports.com

CVE-2026-32247: Cypher Injection in Graphiti via Insecure SearchFilter Interpolation

Vulnerability ID: CVE-2026-32247
CVSS Score: 8.1
Published: 2026-03-12

Graphiti versions prior to 0.28.2 contain a high-severity Cypher injection vulnerability (CWE-943) in the search-filter construction logic for non-Kuzu backends. This flaw permits an attacker to execute arbitrary Cypher queries against the underlying database, either directly or via indirect prompt injection in Model Context Protocol (MCP) deployments.

TL;DR

A Cypher injection flaw in Graphiti < 0.28.2 allows low-privileged attackers to execute arbitrary database queries against Neo4j, FalkorDB, and Neptune backends via unsanitized search filters.


⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-943
  • Attack Vector: Network
  • CVSS Score: 8.1 (High)
  • Impact: High Confidentiality, High Integrity
  • Exploit Status: PoC Available
  • CISA KEV Status: Not Listed

Affected Systems

  • Graphiti API components
  • Graphiti MCP Server
  • Neo4j Backend Deployments
  • FalkorDB Backend Deployments
  • Neptune Backend Deployments
  • getzep/graphiti: < 0.28.2 (Fixed in: 0.28.2)

Code Analysis

Commit: 7d65d5e

Implement regex-based validation for Cypher identifiers to prevent injection.
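To illustrate the class of fix the commit describes, here is an added Python example (not Graphiti's own code and not the contents of commit 7d65d5e): a label builder that interpolates identifiers unchecked, beside a hardened builder that accepts only identifiers matching a conservative regex and passes runtime values as query parameters. The regex, function names, and the sample query shape are assumptions for this example.

```python
import re

# Assumed identifier rule for this example: a letter or underscore followed by
# letters, digits or underscores. Anything else (spaces, quotes, backticks,
# comment markers, parentheses) is rejected rather than quoted or escaped.
CYPHER_IDENTIFIER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def is_valid_cypher_identifier(name: object) -> bool:
    """True only if `name` is safe to place directly into Cypher query text."""
    return isinstance(name, str) and CYPHER_IDENTIFIER_RE.fullmatch(name) is not None


def build_label_filter_unsafe(node_labels: list[str]) -> str:
    """Pre-fix pattern: caller-supplied labels are dropped straight into the query,
    so any character in the label becomes part of the Cypher that will run."""
    return "(" + " OR ".join(f"n:{label}" for label in node_labels) + ")"


def build_label_filter(node_labels: list[str]) -> str:
    """Hardened pattern: every label is validated before it touches query text.
    Labels cannot be bound as parameters in Cypher, which is why validation is
    the control here rather than parameterisation."""
    if not node_labels:
        raise ValueError("at least one node label is required")
    for label in node_labels:
        if not is_valid_cypher_identifier(label):
            raise ValueError(f"rejected Cypher identifier: {label!r}")
    return "(" + " OR ".join(f"n:{label}" for label in node_labels) + ")"


def search_query(node_labels: list[str], term: str, limit: int = 10) -> tuple[str, dict]:
    """Assemble a search query (assumed shape): the label filter is validated
    text, while the user's search term and limit travel as bound parameters."""
    where = build_label_filter(node_labels)
    cypher = (
        f"MATCH (n) WHERE {where} AND n.name CONTAINS $term "
        "RETURN n LIMIT $limit"
    )
    return cypher, {"term": term, "limit": int(limit)}


def has_comment_marker(query_text: str) -> bool:
    """Cheap log-review check: Cypher comment markers inside a label filter
    are a common sign that a label was used to cut a query short."""
    return "//" in query_text or "/*" in query_text
```

Run the hardened builder over the same label list that the unsafe builder accepts to see which inputs it refuses; the `has_comment_marker` helper is only a first-pass triage aid for query logs, not a complete detector.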

Exploit Details

  • Regression Test PoC: PoC payloads demonstrating breakout and execution of DETACH DELETE via unvalidated labels.

Mitigation Strategies

  • Upgrade Graphiti to version 0.28.2 or later.
  • Apply the principle of least privilege to database service accounts, restricting destructive Cypher operations.
  • Implement intermediate validation layers for LLM tool-calling in MCP deployments.
  • Monitor database query logs for anomalous Cypher structures or comment markers.

Remediation Steps:

  1. Identify all deployments of getzep/graphiti across the infrastructure.
  2. Update the graphiti dependency in your environment via pip install --upgrade "graphiti>=0.28.2" (quote the version specifier so the shell does not treat >= as a redirection) or the equivalent command for your package manager.
  3. Verify the application test suite passes and that search filters correctly reject non-alphanumeric inputs.
  4. Review graph database logs for historical indicators of exploitation using known payload patterns.

Read the full report for CVE-2026-32247 on our website for more details including interactive diagrams and full exploit analysis.
