4 matches found
Arbitrary Code Injection
Overview: letta is a package for creating LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Arbitrary Code Injection via the run_local_dir_sandbox_directly function in the tool_execution_sandbox.py file. An attacker can execute arbitrary Python code and system...
CVE-2025-51482
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions...
CVE-2025-6101
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated...
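The three code-injection entries above share one root cause: strings that originate in a model's tool call (a function name and its arguments) are turned into Python source and evaluated in the server process. The following is an added illustration of that pattern next to its remediation, written for this page; it is not letta's code and does not reproduce any of the listed functions. The tool names, the JSON argument format and the injected payload are constructed assumptions.

```python
"""Eval injection in an LLM tool dispatcher: vulnerable pattern and its fix.

Constructed example, not letta's code. Tool names, argument encoding and the
payload below are assumptions for illustration only.
"""
import json
from typing import Any, Callable


# Hypothetical tools an agent is allowed to call.
def double(x: int) -> int:
    return 2 * x


def greet(name: str) -> str:
    return f"hello {name}"


TOOLS: dict[str, Callable[..., Any]] = {"double": double, "greet": greet}

# Records evidence that injected code ran; a real payload would spawn a shell.
SIDE_EFFECTS: list[str] = []


def run_tool_vulnerable(function_name: str, function_args: str) -> Any:
    """Builds source text from model-controlled strings and evaluates it.

    Both parameters come straight from the tool-call message, so any valid
    Python expression the model (or whoever steers it) supplies runs here
    with this module's globals in scope.
    """
    return eval(f"{function_name}({function_args})")  # deliberately unsafe


def run_tool_hardened(function_name: str, function_args: str) -> Any:
    """Dispatch through an allowlist and parse arguments as data, never as code."""
    tool = TOOLS.get(function_name)
    if tool is None:
        raise ValueError(f"unknown tool {function_name!r}")
    try:
        kwargs = json.loads(function_args)
    except json.JSONDecodeError as exc:
        raise ValueError("function_args must be a JSON object") from exc
    if not isinstance(kwargs, dict):
        raise ValueError("function_args must be a JSON object")
    return tool(**kwargs)


# Constructed payload: the "argument" runs an extra expression and still
# yields a plausible value, so the caller sees a normal-looking result.
INJECTED_ARGS = "SIDE_EFFECTS.append('injected') or 21"


def demo() -> dict[str, Any]:
    """Feed the same payload to both dispatchers and report what happened."""
    SIDE_EFFECTS.clear()
    vuln_result = run_tool_vulnerable("double", INJECTED_ARGS)  # injected code runs
    try:
        run_tool_hardened("double", INJECTED_ARGS)
        hardened_rejected = False
    except ValueError:
        hardened_rejected = True
    legit = run_tool_hardened("double", json.dumps({"x": 21}))
    return {
        "vuln_result": vuln_result,
        "side_effects": list(SIDE_EFFECTS),
        "hardened_rejected": hardened_rejected,
        "legit": legit,
    }


if __name__ == "__main__":
    print(demo())
```

The hardened version never constructs source text: the name is a key into a fixed table and the arguments are decoded as JSON, so a payload that is not a JSON object is rejected before any tool runs. Sandboxing the tool body is a separate control and does not help when the injection happens in the dispatcher itself.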
Missing Authorization
Overview: letta is a package for creating LLM agents with long-term memory and custom tools. Affected versions of this package are vulnerable to Missing Authorization on the /users endpoint, which does not check for authorization before returning data from the get_all_users function. Remediation: Upgrade letta to...
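To show what "does not check for authorization before returning data" looks like in a handler, and what the check should look like, here is an added example written for this page. It is not letta's code: the user table, the bearer tokens and the role names are constructed assumptions, and the handlers are plain functions standing in for route handlers so the example runs without a web framework.

```python
"""Missing authorization on a list-users endpoint, vulnerable and hardened.

Constructed example for this page, not letta's code. The user table, token
table and role names are assumptions made for illustration.
"""
from dataclasses import asdict, dataclass
from typing import Any


@dataclass(frozen=True)
class User:
    id: str
    email: str
    role: str  # assumed roles: "admin" or "member"


class Unauthorized(Exception):
    """No valid credential was presented (HTTP 401)."""


# Constructed backing store standing in for the database.
USERS: dict[str, User] = {
    "u1": User("u1", "alice@example.test", "admin"),
    "u2": User("u2", "bob@example.test", "member"),
    "u3": User("u3", "carol@example.test", "member"),
}

# Constructed bearer tokens mapped to user ids; placeholders, not real secrets.
TOKENS: dict[str, str] = {"tok-alice": "u1", "tok-bob": "u2"}


def get_all_users_vulnerable(headers: dict[str, str]) -> list[dict[str, Any]]:
    """The flawed shape: the handler never asks who is calling.

    Any client that can reach the endpoint, with or without a token,
    receives every account in the store.
    """
    return [asdict(u) for u in USERS.values()]


def authenticate(headers: dict[str, str]) -> User:
    """Resolve the Authorization header to a known user or raise Unauthorized."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or token not in TOKENS:
        raise Unauthorized("missing or invalid bearer token")
    return USERS[TOKENS[token]]


def get_all_users_hardened(headers: dict[str, str]) -> list[dict[str, Any]]:
    """Authenticate, then authorize: admins list everyone, members see only themselves."""
    caller = authenticate(headers)
    if caller.role == "admin":
        return [asdict(u) for u in USERS.values()]
    # Authorization is a scoping decision, not only an allow/deny gate:
    # a non-admin still gets a legitimate answer, just a narrower one.
    return [asdict(caller)]


def demo() -> dict[str, Any]:
    """Exercise both handlers with an anonymous, a member and an admin caller."""
    anonymous: dict[str, str] = {}
    member = {"Authorization": "Bearer tok-bob"}
    admin = {"Authorization": "Bearer tok-alice"}

    out: dict[str, Any] = {
        "vuln_anonymous_count": len(get_all_users_vulnerable(anonymous)),
        "hardened_member": [u["id"] for u in get_all_users_hardened(member)],
        "hardened_admin_count": len(get_all_users_hardened(admin)),
    }
    try:
        get_all_users_hardened(anonymous)
        out["hardened_anonymous"] = "allowed"
    except Unauthorized:
        out["hardened_anonymous"] = "401"
    return out


if __name__ == "__main__":
    print(demo())
```

The distinction the hardened handler makes matters in practice: authentication (who is calling) and authorization (what that caller may see) are separate checks, and an endpoint that skips the second one leaks data to every authenticated low-privilege user, not only to anonymous clients.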