{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/letta-ai/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["CVE-2026-4965","code-injection","letta-ai"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eletta-ai letta version 0.16.4 is vulnerable to remote code injection due to improper neutralization of directives in dynamically evaluated code within the \u003ccode\u003eresolve_type\u003c/code\u003e function of \u003ccode\u003eletta/functions/ast_parsers.py\u003c/code\u003e. This vulnerability, identified as CVE-2026-4965, is a consequence of an incomplete fix for CVE-2025-6101. An unauthenticated, remote attacker can exploit this flaw by manipulating input to inject arbitrary code. The exploit is publicly available, increasing the risk of widespread…\u003c/p\u003e\n","date_modified":"2026-03-27T18:16:06Z","date_published":"2026-03-27T18:16:06Z","id":"/briefs/2026-03-letta-ai-code-injection/","summary":"letta-ai letta version 0.16.4 contains a remote code injection vulnerability (CVE-2026-4965) in the resolve_type function of ast_parsers.py, stemming from improper neutralization of directives in dynamically evaluated code, allowing unauthenticated remote attackers to execute arbitrary code.","title":"letta-ai letta 0.16.4 Remote Code Injection Vulnerability (CVE-2026-4965)","url":"https://feed.craftedsignal.io/briefs/2026-03-letta-ai-code-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Letta-Ai","version":"https://jsonfeed.org/version/1.1"}