SCA: security update for graphiti-core (GHSA-gg5m-55jj-8m5g)

high Tenable Cloud Security Plugin ID 438691

Description

There are packages installed that are affected by a vulnerability referenced in the following CVE:

- Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions
before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu
backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated
directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not
only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against
an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The
MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher
construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the
label-injection issue because it used parameterized label handling rather than string-interpolated Cypher
labels. This issue was mitigated in 0.28.2. (CVE-2026-32247)

Solution

Update the graphiti-core library and its related packages to version 0.28.2 or later.

See Also

https://github.com/advisories/GHSA-gg5m-55jj-8m5g

Plugin Details

Severity: High

ID: 438691

Version: Revision 1.8

Type: Local

Family: SCA Checks

Published: 3/12/2026

Updated: 7/2/2026

Supported Sensors: Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.59

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2026-32247

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/12/2026

Vulnerability Publication Date: 3/12/2026

Reference Information

CVE: CVE-2026-32247

cwe: CWE-943