VYPR
Vendor

Letta

Products
1
CVEs
5
Across products
5
Status
Private

Products

1

Recent CVEs

5
  • CVE-2026-4965HigMar 27, 2026
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically…

  • CVE-2024-39025HigDec 27, 2024
    risk 0.42cvss 7.5epss 0.00

    Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.

  • CVE-2026-4964MedMar 27, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function _convert_message_create_to_message of the file letta/helpers/message_helper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to…

  • CVE-2025-6101MedJun 16, 2025
    risk 0.36cvss 5.5epss 0.00

    A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in…

  • CVE-2025-51482Jul 22, 2025
    risk 0.00cvss epss 0.02

    Remote Code Execution in letta.server.rest_api.routers.v1.tools.run_tool_from_source in letta-ai Letta 0.7.12 allows remote attackers to execute arbitrary Python code and system commands via crafted payloads to the /v1/tools/run endpoint, bypassing intended sandbox restrictions.