Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2026-4965

7.3 HIGH

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

created 3 weeks, 1 day ago

letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection

A vulnerability was detected in letta-ai letta 0.16.4. This issue affects the function resolve_type of the file letta/functions/ast_parsers.py of the component Incomplete Fix CVE-2025-6101. Performing a manipulation results in improper neutralization of directives in dynamically evaluated code. The attack can be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

VDB-353842 | letta-ai letta Incomplete Fix CVE-2025-6101 ast_parsers.py resolve_type eval injection vdb-entrytechnical-description
VDB-353842 | CTI Indicators (IOB, IOC, IOA) signaturepermissions-required
Submit #777654 | letta-ai letta 0.16.4 CWE-95 third-party-advisory
https://gist.github.com/YLChen-007/fc09bc447a73bba526c1642d9ce73ca5 exploit

Affected products

letta

==0.16.4

Matching in nixpkgs

pkgs.python312Packages.palettable

Library of color palettes

nixos-25.11 3.3.3
- nixos-25.11-small 3.3.3
- nixpkgs-25.11-darwin 3.3.3

pkgs.python313Packages.palettable

Library of color palettes

nixos-unstable 3.3.3
- nixpkgs-unstable 3.3.3
- nixos-unstable-small 3.3.3
nixos-25.11 3.3.3
- nixos-25.11-small 3.3.3
- nixpkgs-25.11-darwin 3.3.3

pkgs.python314Packages.palettable

Library of color palettes

nixos-unstable 3.3.3
- nixpkgs-unstable 3.3.3
- nixos-unstable-small 3.3.3

Package maintainers

@PsyanticY Psyanticy <iuns@outlook.fr>