CVE-2026-4964

Source
https://cve.org/CVERecord?id=CVE-2026-4964
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4964.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-4964
Published
2026-03-27T17:05:22.689Z
Modified
2026-07-08T08:05:21.007977529Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
letta-ai letta File URL message_helper.py _convert_message_create_to_message server-side request forgery
Details

A security vulnerability has been detected in letta-ai letta 0.16.4. This vulnerability affects the function convertmessagecreatetomessage of the file letta/helpers/messagehelper.py of the component File URL Handler. Such manipulation of the argument ImageContent leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "0.16.4"
                },
                {
                    "last_affected": "0.16.4"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/4xxx/CVE-2026-4964.json",
    "cna_assigner": "VulDB",
    "cwe_ids": [
        "CWE-918"
    ]
}
References

Affected packages

Git / github.com/letta-ai/letta

Affected ranges

Type
GIT
Repo
https://github.com/letta-ai/letta
Events
Database specific
{
    "source": "CPE_STRING",
    "cpe": "cpe:2.3:a:letta:letta:0.16.4:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0.16.4"
        },
        {
            "last_affected": "0.16.4"
        }
    ]
}

Affected versions

0.*
0.16.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-4964.json"