Vulnerability Information
Vulnerability Title
Graphiti vulnerable to Cypher Injection via unsanitized node_labels in search filters
Vulnerability Description
Graphiti is a framework for building and querying temporal context graphs for AI agents. Graphiti versions before 0.28.2 contained a Cypher injection vulnerability in shared search-filter construction for non-Kuzu backends. Attacker-controlled label values supplied through SearchFilters.node_labels were concatenated directly into Cypher label expressions without validation. In MCP deployments, this was exploitable not only through direct untrusted access to the Graphiti MCP server, but also through prompt injection against an LLM client that could be induced to call search_nodes with attacker-controlled entity_types values. The MCP server mapped entity_types to SearchFilters.node_labels, which then reached the vulnerable Cypher construction path. Affected backends included Neo4j, FalkorDB, and Neptune. Kuzu was not affected by the label-injection issue because it used parameterized label handling rather than string-interpolated Cypher labels. This issue was mitigated in 0.28.2.
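The description above turns on one detail: Cypher label names cannot be bound as query parameters, so a filter built from SearchFilters.node_labels is necessarily assembled as text, and the only defence is to validate each label before it reaches the query string. The following is an added example, not Graphiti's own code or its 0.28.2 fix; KNOWN_LABELS and the function names are assumptions, and it contrasts the interpolation pattern the advisory describes with a validated, allowlisted builder.

```python
import re
from typing import Iterable, List, Optional

# Constructed allowlist for this example; a real deployment would derive it
# from its own graph schema rather than hard-code it.
KNOWN_LABELS = frozenset({"Entity", "Person", "Organization", "Episodic"})
# A label must be a plain identifier: no quotes, backticks, spaces or operators.
_LABEL_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def build_label_filter_unsafe(node_labels: Iterable[str]) -> str:
    """The vulnerable pattern: caller-supplied label text is interpolated verbatim."""
    return "(" + " OR ".join(f"n:{label}" for label in node_labels) + ")"


def validate_labels(node_labels: Iterable[str],
                    allowlist: Optional[frozenset] = KNOWN_LABELS) -> List[str]:
    """Return the labels only if every one is an identifier on the allowlist."""
    cleaned: List[str] = []
    for label in node_labels:
        if not isinstance(label, str) or not _LABEL_RE.fullmatch(label):
            raise ValueError(f"rejecting malformed label {label!r}")
        if allowlist is not None and label not in allowlist:
            raise ValueError(f"rejecting unknown label {label!r}")
        cleaned.append(label)
    if not cleaned:
        raise ValueError("node_labels must not be empty")
    return cleaned


def build_label_filter(node_labels: Iterable[str],
                       allowlist: Optional[frozenset] = KNOWN_LABELS) -> str:
    """Hardened builder: validated identifiers, backtick-quoted in the WHERE clause."""
    labels = validate_labels(node_labels, allowlist)
    return "(" + " OR ".join(f"n:`{label}`" for label in labels) + ")"


def labels_accepted(node_labels: Iterable[str]) -> bool:
    """Boolean form of validate_labels for callers that log and drop bad requests."""
    try:
        validate_labels(node_labels)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(build_label_filter(["Entity", "Person"]))  # (n:`Entity` OR n:`Person`)
    print(labels_accepted(["Entity`"]))              # False
```

In an MCP deployment the same check belongs at the point where entity_types is mapped onto node_labels, so that a value injected into the LLM client's tool call is rejected before any Cypher is built.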
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
Improper Neutralization of Special Elements in Data Query Logic
Vulnerability Title
Graphiti security vulnerability
Vulnerability Description
Graphiti is an open-source framework from Zep for building temporal context graphs for AI agents. Graphiti versions before 0.28.2 contain a security vulnerability caused by Cypher injection in the shared search-filter construction for non-Kuzu backends, which could allow an attacker to execute arbitrary Cypher queries.
CVSS Information
N/A
Vulnerability Type
N/A