Submit #777654: letta-ai letta 0.16.4 CWE-95

Title: letta-ai letta 0.16.4 CWE-95
Description:

# Technical Details

A Remote Code Execution (RCE) vulnerability exists via `eval()` injection in the type annotation coercion mechanism of Letta. This is an incomplete fix for CVE-2025-6101.

The patch for CVE-2025-6101 introduced a safe AST-based type resolver but kept an `eval()` fallback behind an `allow_unsafe_eval` flag. Although this flag defaults to `False` in the `resolve_type()` signature in `letta/functions/ast_parsers.py` (lines 55-86), it is hardcoded to `True` in the sandbox execution paths that call it.

When a tool is executed, Letta coerces JSON arguments into Python types by evaluating their type annotations. An attacker can provide a malicious Python expression as a type annotation that bypasses the AST resolver and triggers the `eval()` fallback.

# Vulnerable Code

File: `letta/functions/ast_parsers.py` (lines 55-86)
Method: `resolve_type()`
Why: Uses `eval(annotation, python_types)` when `allow_unsafe_eval=True`. The `python_types` namespace includes `vars(builtins)`, providing access to dangerous functions like `__import__`.

File: `letta/functions/helpers.py` (in `process_tool_arguments`)
Why: Calls `resolve_type` with `allow_unsafe_eval=True` hardcoded.

# Reproduction

1. Deploy Letta v0.16.4.
2. Define a tool with a malicious type annotation. Example:

```python
def pxc(cmd: '__import__("os").popen("id").read()'): pass
```

3. Submit the tool and trigger its execution via `POST /v1/tools/run`.
4. The server evaluates the annotation during type coercion, executing the injected code.

# Impact

- Full Remote Code Execution (RCE) on the server.
- Unauthenticated access to the underlying OS.
- Potential for full system compromise.
Source: https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5
User: Eric-z (UID 95890)
Submission: 03/11/2026 14:45 (18 days ago)
Moderation: 03/27/2026 09:23 (16 days later)
Status: Accepted
VulDB entry: 353842 [letta-ai letta 0.16.4 Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection]
Points: 20
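
The mitigation direction the description points to, as an added example that is not Letta's code and not part of the submission: an annotation resolver that walks the AST against an allowlist and has no `eval()` fallback at all. The names `safe_resolve_type` and `ALLOWED_TYPES` are hypothetical, the allowlist contents are an assumption, and Python 3.9+ is assumed.

```python
import ast
import typing

# Hypothetical allowlist: the only names an annotation may reference.
ALLOWED_TYPES = {
    "int": int, "float": float, "str": str, "bool": bool,
    "list": list, "dict": dict, "tuple": tuple, "set": set,
    "List": typing.List, "Dict": typing.Dict, "Tuple": typing.Tuple,
    "Set": typing.Set, "Optional": typing.Optional,
    "Union": typing.Union, "Any": typing.Any,
}


def safe_resolve_type(annotation: str):
    """Resolve an annotation string by walking its AST; never calls eval()."""
    try:
        tree = ast.parse(annotation, mode="eval")
    except SyntaxError as exc:
        raise ValueError(f"unparseable annotation: {annotation!r}") from exc
    return _resolve(tree.body)


def _resolve(node):
    # A bare name must be on the allowlist; builtins are not reachable.
    if isinstance(node, ast.Name):
        if node.id not in ALLOWED_TYPES:
            raise ValueError(f"type not allowlisted: {node.id!r}")
        return ALLOWED_TYPES[node.id]
    # The literal None, as used in Optional/Union parameters.
    if isinstance(node, ast.Constant) and node.value is None:
        return type(None)
    # Generic subscripts such as list[int] or Dict[str, int].
    if isinstance(node, ast.Subscript):
        base = _resolve(node.value)
        inner = node.slice
        if isinstance(inner, ast.Tuple):
            return base[tuple(_resolve(e) for e in inner.elts)]
        return base[_resolve(inner)]
    # Call, Attribute, Lambda, BinOp, string constants, etc. are rejected
    # outright instead of being handed to a fallback evaluator.
    raise ValueError(f"disallowed annotation syntax: {type(node).__name__}")
```

The annotation from the reproduction step parses to an `ast.Call` node, so it raises `ValueError` before anything is executed.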