LeakyCreds

CVE-2026-32247 - Vulnerability Analysis

High | CVSS: 8.1

Last Updated: March 12, 2026

Graphiti - NoSQL Injection

Published: March 12, 2026 | Updated: March 12, 2026 | Remote Exploitable

Overview

Graphiti < 0.28.2 contains a Cypher injection caused by unvalidated concatenation of attacker-controlled label values in shared search-filter construction for non-Kuzu backends, letting attackers execute arbitrary Cypher queries. Exploitation requires attacker-controlled input, either directly via SearchFilters.node_labels or through LLM prompt injection.
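The bug class described above, shown as an added example (not Graphiti's code or its actual fix): a label filter built by plain concatenation next to one that validates each label first. The function names, the identifier allowlist, the `name` property and the sample labels are assumptions constructed for illustration.

```python
import re

# Assumption: labels are limited to plain identifiers. This allowlist belongs
# to this example only; it is not Graphiti's actual validation rule.
_LABEL_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def unsafe_label_filter(node_labels):
    """'Before' pattern: label text is concatenated straight into Cypher."""
    return "n:" + "|".join(node_labels)


def safe_label_filter(node_labels):
    """Reject any label that is not a plain identifier, then build the filter.

    The label is inlined into the query text rather than passed as a
    $parameter, so it has to be validated before it reaches the query.
    """
    for label in node_labels:
        if not isinstance(label, str) or not _LABEL_RE.fullmatch(label):
            raise ValueError(f"invalid node label: {label!r}")
    return "n:" + "|".join(node_labels)


def build_query(label_filter):
    # Hypothetical query shape: values stay in parameters ($name),
    # only the label filter is part of the query text.
    return f"MATCH (n) WHERE {label_filter} AND n.name = $name RETURN n"


def is_accepted(node_labels):
    """True if every label passes validation, False otherwise."""
    try:
        safe_label_filter(node_labels)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    benign = ["Person", "Company"]   # constructed sample input
    hostile = ["Entity OR true"]     # constructed: label carrying query text
    print(build_query(safe_label_filter(benign)))
    print(build_query(unsafe_label_filter(hostile)))  # filter logic altered
    print(is_accepted(hostile))
```

In the unsafe output the label's extra text becomes part of the `WHERE` clause, which changes the filter's logic; the validated builder raises `ValueError` for the same input.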

Severity & Score

Severity: High
CVSS Score: 8.1
EPSS Score: 3.2% (Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary Cypher queries on affected backends, potentially leading to data manipulation or disclosure.

Mitigation

Update to version 0.28.2 or later.

Social Media Activity (1 post)

TheHackerWire
@thehackerwire
Mar 12, 2026

🟠 CVE-2026-32247 - High (8.1) Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled lab... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-32247/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack


Details

CVE ID: CVE-2026-32247
Severity: High
CVSS Score: 8.1
Type: nosql_injection
Status: unconfirmed
EPSS: 3.2%
Social Posts: 1

CWE

  • CWE-943

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

EPSS Score

3.2% (Probability of exploitation in the next 30 days)