CVE-2026-33286 - Vulnerability Analysis
Severity: Critical | CVSS: 9.1 | Last Updated: March 25, 2026
Graphiti - Remote Code Execution
Overview
Graphiti < 1.10.2 contains an arbitrary method execution vulnerability caused by unvalidated relationship names in JSONAPI write payloads, which lets attackers invoke any public method on model instances or classes. Exploitation requires access to write endpoints.
Impact
Attackers can execute arbitrary public methods on models, potentially causing data destruction or unauthorized actions.
Mitigation
Upgrade to Graphiti version 1.10.2 or later.
Social Media Activity (1 post)
🔴 New security advisory: CVE-2026-33286 affects multiple systems. • Impact: Remote code execution or complete system compromise possible • Risk: Attackers can gain full control of affected systems • Mitigation: Patch immediately or isolate affected systems Full breakdown: https://www.yazoul.net/advisory/cve/cve-2026-33286-graphiti-arbitrary-method-execution #Cybersecurity #ZeroDay #ThreatIntel
Details
- CVE ID: CVE-2026-33286
- Severity: Critical
- CVSS Score: 9.1
- Status: confirmed
- EPSS: 4.3%
- Social Posts: 1
CWE
- CWE-913
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H