Lucene search
K

5 matches found

Vulnrichment
Vulnrichment
added 2026/03/23 11:52 p.m.3 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.1AI score0.00632EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/03/23 11:52 p.m.23 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS0.00632EPSS
Exploits0References3
CVE
CVE
added 2026/03/23 11:52 p.m.10 views

CVE-2026-33286

CVE-2026-33286 (Graphiti) affects Graphiti prior to 1.10.2. The vulnerability arises because Graphiti::Util::ValidationResponse#all_valid? calls model.send(name) using relationship names directly from user-supplied JSONAPI payloads during write operations (create/update/delete) without validating...

9.1CVSS6.1AI score0.00632EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/23 11:52 p.m.3 views

CVE-2026-33286 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Graphiti is a framework that sits on top of models and exposes them via a JSON:API-compliant interface. Versions prior to 1.10.2 have an arbitrary method execution vulnerability that affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary...

9.1CVSS6.2AI score0.00632EPSS
Exploits0References5
OSV
OSV
added 2026/03/20 3:58 p.m.3 views

GHSA-3M5V-4XP5-GJG2 Graphiti Affected by Arbitrary Method Execution via Unvalidated Relationship Names

Summary An arbitrary method execution vulnerability has been found which affects Graphiti's JSONAPI write functionality. An attacker can craft a malicious JSONAPI payload with arbitrary relationship names to invoke any public method on the underlying model instance, class or its associations...

9.1CVSS6AI score0.00632EPSS
Exploits0References6
Rows per page
Query Builder