


Perceptive Security
SOC/SIEM Consultancy

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component …
Published:
26 March 2026 at 23:00:00
Alert date:
27 March 2026 at 20:07:04
Source:
nvd.nist.gov
Web Technologies, Supply Chain & Dependencies
A remote code injection vulnerability (CVE-2026-4965) was discovered in letta-ai letta version 0.16.4, affecting the resolve_type function in ast_parsers.py. The flaw stems from an incomplete fix for CVE-2025-6101 and involves improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely, and exploits are now publicly available. The vendor was contacted but did not respond to disclosure attempts.
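One defensive pattern for the class of flaw described above (a type-resolution routine that dynamically evaluates annotation text) is to parse the annotation and walk its AST against an allowlist instead of evaluating it. This is an added example, not letta's code or its fix; `safe_resolve_type`, `UnsafeAnnotation` and the allowlist contents are assumptions, and Python 3.9+ is assumed.

```python
import ast
import typing

# Names an annotation may reference (assumption: tune this set per application).
ALLOWED_NAMES = {
    "int": int, "float": float, "str": str, "bool": bool, "bytes": bytes,
    "list": list, "dict": dict, "tuple": tuple, "set": set,
    "List": typing.List, "Dict": typing.Dict, "Tuple": typing.Tuple,
    "Set": typing.Set, "Optional": typing.Optional, "Union": typing.Union,
    "Any": typing.Any,
}


class UnsafeAnnotation(ValueError):
    """Raised when an annotation contains anything outside the allowlist."""


def safe_resolve_type(annotation: str):
    """Resolve an annotation string to a type by walking its AST; never eval()."""
    try:
        tree = ast.parse(annotation.strip(), mode="eval")
    except (SyntaxError, ValueError) as exc:
        raise UnsafeAnnotation(f"not a valid expression: {annotation!r}") from exc
    return _resolve(tree.body)


def _resolve(node):
    # The literal None is the only constant accepted.
    if isinstance(node, ast.Constant) and node.value is None:
        return type(None)
    # Bare names are looked up in the allowlist, never in globals or builtins.
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED_NAMES:
            raise UnsafeAnnotation(f"name not allowed: {node.id!r}")
        return ALLOWED_NAMES[node.id]
    # Generic[...] forms: resolve the base and every argument recursively.
    if isinstance(node, ast.Subscript):
        base = _resolve(node.value)
        if isinstance(node.slice, ast.Tuple):
            args = tuple(_resolve(elt) for elt in node.slice.elts)
        else:
            args = _resolve(node.slice)
        try:
            return base[args]
        except TypeError as exc:
            raise UnsafeAnnotation(f"invalid subscript on {base!r}") from exc
    # Calls, attribute access, lambdas, strings, operators and so on end up here.
    raise UnsafeAnnotation(f"node not allowed: {type(node).__name__}")
```

Because rejection is the default branch, any syntax not explicitly handled fails closed, which is the property an incomplete denylist-style fix lacks.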
Technical details
Affected products:
letta-ai letta
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-4965
https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5
https://vuldb.com/?ctiid.353842
https://vuldb.com/?id.353842
https://vuldb.com/?submit.777654
This article was created with the assistance of AI technology by Perceptive.
