https://feed.craftedsignal.io/tags/cve-2026-4965/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioFri, 27 Mar 2026 18:16:06 +0000https://feed.craftedsignal.io/briefs/2026-03-letta-ai-code-injection/Fri, 27 Mar 2026 18:16:06 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-letta-ai-code-injection/letta-ai letta version 0.16.4 contains a remote code injection vulnerability (CVE-2026-4965) in the resolve_type function of ast_parsers.py, stemming from improper neutralization of directives in dynamically evaluated code, allowing unauthenticated remote attackers to execute arbitrary code.letta-ai letta version 0.16.4 is vulnerable to remote code injection due to improper neutralization of directives in dynamically evaluated code within the resolve_type function of letta/functions/ast_parsers.py. This vulnerability, identified as CVE-2026-4965, is a consequence of an incomplete fix for CVE-2025-6101. An unauthenticated, remote attacker can exploit this flaw by manipulating input to inject arbitrary code. The exploit is publicly available, increasing the risk of widespread…

]]>criticaladvisoryCVE-2026-4965code-injectionletta-ai