VYPR
Medium severity6.3NVD Advisory· Published Mar 27, 2026· Updated Apr 29, 2026

CVE-2026-4964

CVE-2026-4964

Description

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Letta/Letta2 versions
    cpe:2.3:a:letta:letta:0.16.4:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:letta:letta:0.16.4:*:*:*:*:*:*:*
    • (no CPE)range: = 0.16.4

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.