GHSA-gg5m-55jj-8m5g: Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Summary
Graphiti versions before 0.28.2 had a Cypher injection vulnerability (a type of attack where malicious code is hidden in user input to manipulate database queries) in its search filters for non-Kuzu database backends. Attackers could exploit this by providing crafted labels through SearchFilters.node_labels or, in MCP deployments (a system where an AI model can call external tools), through prompt injection (tricking an LLM into executing attacker-controlled commands) to execute arbitrary database operations like reading, modifying, or deleting data.
Solution / Mitigation
Upgrade to version 0.28.2 or later. Version 0.28.2 added validation of SearchFilters.node_labels, defense-in-depth label validation in shared search-filter constructors, validation of entity node labels in persistence query builders, and validation of group_ids in shared search fulltext helpers. If you cannot upgrade immediately, do not expose Graphiti MCP tools to untrusted users or LLM workflows processing untrusted prompts, avoid passing untrusted values into SearchFilters.node_labels or MCP entity_types, and restrict graph database credentials to minimum required privileges.
Vulnerability Details
EPSS: 0.0%
Yes
March 12, 2026
Classification
Taxonomy References
Affected Vendors
Affected Packages
Related Issues
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive
Original source: https://github.com/advisories/GHSA-gg5m-55jj-8m5g
First tracked: March 12, 2026 at 04:00 PM
Classified by LLM (prompt v3) · confidence: 92%