19 matches found
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
EUVD-2026-16736
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965
CVE-2026-4965 affects letta-ai letta 0.16.4. The vulnerability resides in letta/functions/ast_parsers.py, in the resolve_type function, where improper neutralization of directives in dynamically evaluated code enables remote arbitrary-code execution. The issue is linked to an incomplete fix for C...
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
PT-2026-28691
Name of the Vulnerable Software and Affected Versions: letta-ai letta version 0.16.4 Description: A flaw exists in the resolve_type function within the letta/functions/ast_parsers.py file. This issue involves improper neutralization of directives in dynamically evaluated code, potentially allowing...
Letta-ai letta security vulnerability
Letta-ai letta is an open-source stateful proxy framework developed by Letta-ai, featuring memory management, reasoning capabilities, and context handling. Version 0.16.4 of Letta-ai letta contains a security vulnerability caused by incorrect handling of the parameter ImageContent in the file...
EUVD-2025-22345
Malicious code in bioql PyPI...
CVE-2025-51482
Remote Code Execution in letta.server.restapi.routers.v1.tools.runtoolfromsource in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
Letta-ai letta code injection vulnerability
Letta-ai letta is a stateful agent framework with memory, inference, and context management from the Letta-ai open source. A security vulnerability exists in Letta-ai letta version 0.7.12, which originates in the /v1/tools/run endpoint and allows the execution of arbitrary Python code and system...
CVE-2025-6101
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated...
CVE-2025-6101
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated...
CVE-2025-6101 letta-ai letta interface.py function_message eval injection
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated...
letta-ai letta security vulnerability
Letta-ai letta is a stateful agent framework with memory, inference, and context management in the Letta-ai open source. A security vulnerability exists in letta-ai letta version 0.4.1 and earlier, which stems from a dynamic code evaluation malpractice issue that could lead to the execution of...
PT-2025-25512 · Letta-Ai · Letta-Ai
Name of the Vulnerable Software and Affected Versions: letta-ai letta versions up to 0.4.1 Description: A critical issue has been found in the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper...