CVE-2026-4965 | letta-ai letta 0.16.4 Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was found in letta-ai letta 0.16.4. It has been classified as critical. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code.

This vulnerability is identified as CVE-2026-4965. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4965 | letta-ai letta 0.16.4 Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

Post correlati

CVE-2025-7570 | UTT HiPER 840G up to 3.1.1-190328 aspRemoteApConfTempSend remoteSrcTemp buffer overflow

CVE-2023-45177 | IBM MQ 9.0/9.1/9.2/9.3 Clustering denial of service (XFDB-268066)

CVE-2024-22293 | Andrea Tarantini BP Profile Search Plugin up to 5.5 on WordPress cross site scripting

CVE-2025-14836 | ZZCMS 2025 User Data Storage /reg/user_save.php cleartext storage in a file or on disk