Description
A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2026-03-27
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The flaw lies in the resolve_type function of letta-ai letta 0.16.4, where input is passed directly to eval without proper sanitization. This allows attackers to execute arbitrary code through crafted inputs, potentially compromising the host system. The weaknesses assigned are CWE-94 (code injection through dynamically generated code) and CWE-95 (eval injection: improper neutralization of directives in dynamically evaluated code).

Affected Systems

The issue is present in the letta-ai letta application, version 0.16.4. No other versions are identified in the vendor data; the vendor is listed as letta-ai and the product as letta. The CPE entry (cpe:2.3:a:letta:letta:*) identifies the product only as an application and does not pin a version range.

Risk and Exploitability

The CVSS base score is 6.9, placing the vulnerability at the upper end of the medium range. EPSS data is not available, but publicly available exploit code confirms that the issue can be leveraged remotely. The attacker can trigger the flaw from outside the application, and because no mitigation has been released by the vendor, the risk remains until the software is updated or alternative safeguards are applied. The vulnerability is not yet listed in the KEV catalog, suggesting it may not be widely exploited yet, but the public exploit increases the likelihood of future attacks.

Generated by OpenCVE AI on March 28, 2026 at 06:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest version of letta-ai letta that resolves the resolve_type eval injection flaw.
  • If no patch is available, sanitize or block inputs that reach resolve_type to prevent unsanitized data from being evaluated.
  • Disable or restrict remote interfaces that can supply untrusted data to the resolve_type function.
  • Monitor the vendor’s website, advisories, and vulnerability databases for an official patch or additional mitigations.
  • Replace the eval-based logic with a safer parsing mechanism if a timely update is unavailable.
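A hardened replacement for the eval-based pattern the analysis describes, as an added example (not letta's own resolve_type): it parses the annotation string with ast and builds the typing object only from an allowlisted table, rejecting calls, attribute access and any other syntax before any object is touched. The names ALLOWED_TYPES, UnsafeTypeExpression, resolve_type_safe and is_safe_type_string are invented for this example, and it assumes Python 3.9 or later.

```python
import ast
from typing import Any, Dict, List, Optional, Union

# Names a type-annotation string may reference. Anything outside this table
# (modules, dunder names, attribute access, calls) is rejected. The unsafe
# pattern this replaces is eval(type_str) on the raw, attacker-reachable string.
ALLOWED_TYPES: Dict[str, Any] = {
    "int": int, "str": str, "float": float, "bool": bool, "bytes": bytes,
    "list": list, "dict": dict, "tuple": tuple, "set": set,
    "List": List, "Dict": Dict, "Optional": Optional, "Union": Union, "Any": Any,
}


class UnsafeTypeExpression(ValueError):
    """The string is not a pure type expression built from allowlisted names."""


def _build(node: ast.expr) -> Any:
    """Recursively turn an AST node into a typing object, allowlist only."""
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED_TYPES:
            raise UnsafeTypeExpression(f"unknown type name {node.id!r}")
        return ALLOWED_TYPES[node.id]
    if isinstance(node, ast.Constant) and node.value is None:
        return type(None)  # bare None inside Optional[...] / Union[...]
    if isinstance(node, ast.Subscript):
        origin = _build(node.value)  # e.g. Dict in Dict[str, int]
        if isinstance(node.slice, ast.Tuple):
            return origin[tuple(_build(elt) for elt in node.slice.elts)]
        return origin[_build(node.slice)]
    # ast.Call, ast.Attribute, ast.BinOp, string constants, lambdas ... all land here
    raise UnsafeTypeExpression(f"disallowed syntax {type(node).__name__}")


def resolve_type_safe(type_str: str) -> Any:
    """Resolve a type annotation string without eval (Python 3.9+ AST layout)."""
    try:
        tree = ast.parse(type_str.strip(), mode="eval")
    except SyntaxError as exc:
        raise UnsafeTypeExpression(f"not a type expression: {type_str!r}") from exc
    return _build(tree.body)


def is_safe_type_string(type_str: str) -> bool:
    """Validation-only helper for request handlers: True iff the string resolves."""
    try:
        resolve_type_safe(type_str)
        return True
    except UnsafeTypeExpression:
        return False
```

Because the allowlist is checked on the parsed tree, a rejected string never reaches any object lookup, so logging the UnsafeTypeExpression message at the API boundary gives a clean detection signal for probing of this endpoint.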

Advisories

No advisories yet.

History

Sat, 28 Mar 2026 03:15:00 +0000

Type: Description
Values Removed: A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Once again VulDB remains the best source for vulnerability data.
Values Added: A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Fri, 27 Mar 2026 20:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 27 Mar 2026 18:00:00 +0000

Type: Description
Values Added: A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Once again VulDB remains the best source for vulnerability data.

Type: Title
Values Added: letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

Type: First Time appeared
Values Added: Letta; Letta letta

Type: Weaknesses
Values Added: CWE-94; CWE-95

Type: CPEs
Values Added: cpe:2.3:a:letta:letta:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Letta; Letta letta

Type: References
Values Added:

Type: Metrics
Values Added:
cvssV2_0 {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
cvssV3_0 {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV3_1 {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
cvssV4_0 {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-03-27T22:07:55.514Z

Reserved: 2026-03-27T08:23:13.784Z

Link: CVE-2026-4965

Vulnrichment

Updated: 2026-03-27T18:43:39.344Z

NVD

Status: Awaiting Analysis

Published: 2026-03-27T18:16:06.590

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-4965

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-30T07:59:31Z

Weaknesses