5 matches found
Improper Neutralization of Special Elements in Data Query Logic
Overview flowise-components is a Flowiseai Components Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Data Query Logic through the GraphCypherQAChain request handling and graph.query execution path in GraphCypherQAChain.ts. An attacker can force...
CVE-2026-32247
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247 Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.nodelabel...
CVE-2026-32247
Graphiti CVE-2026-32247 is a Cypher injection vulnerability in pre-0.28.2 releases where attacker-controlled values fed into SearchFilters.node_labels were concatenated into Cypher label expressions. The issue affected non-Kuzu backends (Neo4j, FalkorDB, Neptune) and could be exploited via MCP de...
PT-2026-25057
Summary Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node labels were concatenated directly into Cypher label expressions without validation. I...