CVE-2026-58449 - txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter
CVE ID :CVE-2026-58449 Published : June 30, 2026, 9:06 p.m. | 2 hours, 5 minutes ago Description :txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs __import__ and getattr on the...