提出 #777654: letta-ai letta 0.16.4 CWE-95情報

タイトル	letta-ai letta 0.16.4 CWE-95
説明	# Technical Details A Remote Code Execution (RCE) vulnerability exists via eval() injection in the type annotation coercion mechanism of Letta. This is an incomplete fix for CVE-2025-6101. The patch for CVE-2025-6101 introduced a safe AST-based type resolver but kept an eval() fallback behind an allow_unsafe_eval flag. Although this flag defaults to False in the resolve_type() signature in letta/functions/ast_parsers.py (lines 55-86), it is hardcoded to True in the sandbox execution paths that call it. When a tool is executed, Letta coerces JSON arguments into Python types by evaluating their type annotations. An attacker can provide a malicious Python expression as a type annotation that bypasses the AST resolver and triggers the eval() fallback. # Vulnerable Code File: letta/functions/ast_parsers.py (lines 55-86) Method: resolve_type() Why: Uses eval(annotation, python_types) when allow_unsafe_eval=True. The python_types namespace includes vars(builtins), providing access to dangerous functions like __import__. File: letta/functions/helpers.py (in process_tool_arguments) Why: Calls resolve_type with allow_unsafe_eval=True hardcoded. # Reproduction 1. Deploy Letta v0.16.4. 2. Define a tool with a malicious type annotation: Example: def pxc(cmd: '__import__("os").popen("id").read()'): pass 3. Submit the tool and trigger its execution via POST /v1/tools/run. 4. The server evaluates the annotation during type coercion, executing the injected code. # Impact - Full Remote Code Execution (RCE) on the server. - Unauthenticated access to the underlying OS. - Potential for full system compromise.
ソース	⚠️ https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5
ユーザー	Eric-z (UID 95890)
送信	2026年03月11日 14:45 (18 日 ago)
モデレーション	2026年03月27日 09:23 (16 days later)
ステータス	承諾済み
VulDBエントリ	353842 [letta-ai letta 0.16.4 Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type リモートコード実行]
ポイント	20

◂ 前概要次 ▸

Might our Artificial Intelligence support you?

Check our Alexa App!