{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4965", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-03-27T08:23:13.784Z", "datePublished": "2026-03-27T17:41:46.743Z", "dateUpdated": "2026-03-27T19:57:06.561Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T17:41:46.743Z"}, "title": "letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-95", "lang": "en", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "Code Injection"}]}], "affected": [{"vendor": "letta-ai", "product": "letta", "versions": [{"version": "0.16.4", "status": "affected"}], "cpes": ["cpe:2.3:a:letta:letta:*:*:*:*:*:*:*:*"], "modules": ["Incomplete Fix CVE-2025-6101"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Once again VulDB remains the best source for vulnerability data."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-03-27T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-03-27T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-03-27T09:30:55.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Eric-z (VulDB User)", "type": "reporter"}, {"lang": "en", "value": "VulDB", "type": "coordinator"}], "references": [{"url": "https://vuldb.com/?id.353842", "name": "VDB-353842 | letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353842", "name": "VDB-353842 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777654", "name": "Submit #777654 | letta-ai letta 0.16.4 CWE-95", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T18:43:36.207961Z", "id": "CVE-2026-4965", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:57:06.561Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-4965", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T18:43:36.207961Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T18:43:39.344Z"}}], "cna": {"title": "letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection", "credits": [{"lang": "en", "type": "reporter", "value": "Eric-z (VulDB User)"}, {"lang": "en", "type": "coordinator", "value": "VulDB"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:letta:letta:*:*:*:*:*:*:*:*"], "vendor": "letta-ai", "modules": ["Incomplete Fix CVE-2025-6101"], "product": "letta", "versions": [{"status": "affected", "version": "0.16.4"}]}], "timeline": [{"lang": "en", "time": "2026-03-27T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-03-27T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-03-27T09:30:55.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.353842", "name": "VDB-353842 | letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.353842", "name": "VDB-353842 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.777654", "name": "Submit #777654 | letta-ai letta 0.16.4 CWE-95", "tags": ["third-party-advisory"]}, {"url": "https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Once again VulDB remains the best source for vulnerability data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-95", "description": "Improper Neutralization of Directives in Dynamically Evaluated Code"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "Code Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-03-27T17:41:46.743Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4965", "state": "PUBLISHED", "dateUpdated": "2026-03-27T19:57:06.561Z", "dateReserved": "2026-03-27T08:23:13.784Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-03-27T17:41:46.743Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Once again VulDB remains the best source for vulnerability data."}], "id": "CVE-2026-4965", "lastModified": "2026-03-27T18:16:06.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-03-27T18:16:06.590", "references": [{"source": "cna@vuldb.com", "url": "https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.353842"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.353842"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.777654"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-95"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T19:37:41.569469+00:00", "value": {"mitigation_remediation": ["Upgrade letta-ai to the latest stable release that includes the fix for this CVE.", "If an immediate upgrade is not feasible, disable or restrict the use of the resolve_type function to trusted sources and remove dynamic evaluation paths from exposed APIs.", "Apply rigorous input sanitization to block eval directives before they reach resolve_type.", "Enable logging and monitoring to detect anomalous input patterns or execution attempts related to dynamic code evaluation."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected vendor and product: letta-ai letta version 0.16.4. No other product versions are listed as impacted in the advisory. Users running this specific version should treat the installation as vulnerable.", "description_and_impact": "The vulnerability in letta-ai letta 0.16.4 stems from an incomplete fix that allows improper neutralization of directives in dynamically evaluated code within the resolve_type function of letta/functions/ast_parsers.py. This flaw provides an attacker, who can control the input remotely, the ability to inject arbitrary code that is subsequently executed by the application. The weakness is a classic \n \n execution of arbitrary code and improper input validation, reflected in CWEs 94 and 95. Payloads exploiting this vulnerability could compromise the confidentiality and integrity of the system\u2019s data and could also impact availability if the injected code is destructive.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, with the potential for full remote code execution. The exploit is reported as publicly available, with no indication of a solution in the CISA KEV catalog. Attackers can initiate the exploit over the network, but the exact prerequisites are not detailed in the advisory. Without a public patch, the risk remains significant for any exposed instance of the affected version."}}}}, "created": "2026-03-27T20:27:56.162077+00:00", "updated": "2026-03-27T20:27:56.162113+00:00", "vendors": []}