Letta
Products
1- Letta5 CVEspypi
Recent CVEs
5| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-4965 | Hig | 0.47 | 7.3 | 0.01 | Mar 27, 2026 | A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically… | ||
| CVE-2024-39025 | Hig | 0.42 | 7.5 | 0.00 | Dec 27, 2024 | Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | ||
| CVE-2026-4964 | Med | 0.41 | 6.3 | 0.00 | Mar 27, 2026 | A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to… | ||
| CVE-2025-6101 | Med | 0.36 | 5.5 | 0.00 | Jun 16, 2025 | A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in… | ||
| CVE-2025-51482 | 0.00 | — | 0.02 | Jul 22, 2025 | Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions. |
- risk 0.47cvss 7.3epss 0.01
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically…
- risk 0.42cvss 7.5epss 0.00
Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to…
- risk 0.36cvss 5.5epss 0.00
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in…
- CVE-2025-51482Jul 22, 2025risk 0.00cvss —epss 0.02
Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions.