44 matches found
Letta Letta 0.7.12 - Remote Code Execution
Letta 0.7.12 is vulnerable to remote code execution via POST /v1/tools/run in letta.server.restapi.routers.v1.tools.runtoolfromsource, allowing attackers to execute arbitrary Python and OS commands via crafted tool source code. id: CVE-2025-51482 info: name: Letta Letta 0.7.12 - Remote Code...
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
Server-side Request Forgery (SSRF)
Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the convertmessagecreatetomessage function in the File URL Handler component when processing the ImageContent argument. An attacker...
Eval Injection
Overview letta is a Create LLM agents with long-term memory and custom tools Affected versions of this package are vulnerable to Eval Injection via the resolvetype function. An attacker can execute arbitrary code by supplying crafted input that is improperly neutralized before being evaluated. No...
letta-nory (=0.1.0) potentially affected by CVE-2025-6101 +1 more via letta (=0.16.8)
letta PYPI version =0.16.8 is affected by a known vulnerability. The following packages have a transitive dependency on letta and may be impacted: - letta-nory =0.1.0 Source cves: CVE-2025-6101, CVE-2026-4965 Source advisory: SNYK:PYTHON-LETTA-15874391...
EUVD-2026-16727
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
EUVD-2026-16736
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4965
CVE-2026-4965 affects letta-ai letta 0.16.4. The vulnerability resides in letta/functions/ast_parsers.py, in the resolve_type function, where improper neutralization of directives in dynamically evaluated code enables remote arbitrary-code execution. The issue is linked to an incomplete fix for C...
CVE-2026-4965 letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolvetype of the file letta/functions/astparsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The...
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
CVE-2026-4964
The vulnerability CVE-2026-4964 affects letta-ai letta 0.16.4, specifically the function _convert_message_create_to_message in letta/helpers/message_helper.py (File URL Handler). It enables server-side request forgery through manipulation of ImageContent, with remote exploitation possible. Public...
CVE-2026-4964 letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request...
Letta-ai letta 安全漏洞
Letta-ai letta is an open-source stateful proxy framework developed by Letta-ai, featuring memory management, reasoning capabilities, and context handling. Version 0.16.4 of letta-ai letta contains a security vulnerability. This vulnerability arises from incorrect operations on functions in the...