News

Application security news, updated daily (if there is any news to share).

Graphiti patches arbitrary method execution in JSON:API write endpoints

CVE-2026-33286 is a critical Graphiti JSON:API write-path flaw allowing unauthenticated attackers to invoke arbitrary public model methods via crafted relationship names on exposed endpoints.

NewsRubyAPI Security

2 min23 Mar 2026

Loading news…

Content is AI-assisted and reviewed by our team, but issues may be missed and best practices evolve rapidly, send corrections to [email protected]. Always consult official documentation and validate key implementation decisions before making design or security choices.