Active KEV: CVE-2026-58449 (2026-06-30)

CVE-2026-58449: Unauthenticated RCE in txtai API /reindex Endpoint

"A critical unsafe-reflection flaw in the txtai API lets a remote, unauthenticated attacker execute arbitrary code on the server under specific deployment conditions."

What Is It

CVE-2026-58449 is a remote code execution vulnerability in neuml's txtai through version 9.10.0. The API's /reindex endpoint passes the function parameter from the request body to txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path with no allowlist. Authentication in the API is opt-in: when the API is exposed with no TOKEN configured, every endpoint is unauthenticated. If the index is also configured writable, an attacker can set function to an arbitrary callable, such as subprocess.getoutput, and the server process executes it during reindexing. The weakness is classified as CWE-94 (Code Injection).

Why It Matters

The flaw carries a CVSS 3.1 base score of 9.8 (CRITICAL), vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, with a secondary CVSS 4.0 score of 9.3. Attack vector is network-based, attack complexity is low, and no privileges or user interaction are required. A successful attack yields high impact to confidentiality, integrity, and availability, running code as the server process. Note that exploitation is not possible in the default configuration; it requires the API to be exposed, no TOKEN set, and a writable index.

What's Vulnerable

Exploitation is limited to deployments where the API is exposed, no TOKEN is configured, and the index is writable.

Patch Status

The issue is fixed in commit 11b32da, which gates the /reindex endpoint behind a new reindex configuration flag. Operators should upgrade to a build that includes this commit. As an interim mitigation, since the risk depends on deployment conditions, configuring a TOKEN (which enables authentication) and not exposing a writable index removes the preconditions for exploitation. This CVE is not present in the supplied CISA KEV data, so there is no confirmation of active exploitation.
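To make the unsafe-reflection pattern and the two defensive layers concrete, here is an added illustration that is not txtai's own code: a minimal dotted-path resolver that imports and getattrs whatever string the caller supplies, beside a hardened variant that only looks the string up in a fixed registry and, mirroring the fix described above, only when a reindex flag is enabled. The names resolve_unrestricted, resolve_allowlisted, handle_reindex and the "transforms.upper" registry entry are assumptions for this example.

```python
import importlib
from typing import Callable, Dict


def resolve_unrestricted(path: str) -> Callable:
    """Vulnerable pattern (constructed, not txtai's Resolver): import the module
    named by the caller and fetch the attribute. import_module + getattr is the
    same behaviour as the __import__/getattr pattern the advisory describes.
    Any importable callable, e.g. 'subprocess.getoutput', resolves."""
    module_name, _, attr = path.rpartition(".")
    if not module_name:
        raise ValueError(f"expected a dotted path, got {path!r}")
    module = importlib.import_module(module_name)
    return getattr(module, attr)


def upper_text(text: str) -> str:
    """Example transform an operator might legitimately register (constructed)."""
    return text.upper()


# Hardened variant: the caller's string is a key into a registry the operator
# chose in advance. The string is never used to import or look up anything.
ALLOWED_FUNCTIONS: Dict[str, Callable] = {
    "transforms.upper": upper_text,
}


def resolve_allowlisted(path: str) -> Callable:
    try:
        return ALLOWED_FUNCTIONS[path]
    except KeyError:
        raise PermissionError(f"function {path!r} is not allowlisted") from None


def handle_reindex(config: dict, function_path: str) -> str:
    """Two gates before any resolution happens: an explicit reindex flag
    (defaults to off, as the fix's configuration flag does) and the allowlist."""
    if not config.get("reindex", False):
        return "denied: reindex disabled"
    try:
        fn = resolve_allowlisted(function_path)
    except PermissionError:
        return "denied: function not allowlisted"
    return f"ok: {fn.__name__}"


if __name__ == "__main__":
    # Unrestricted resolution hands back a live subprocess callable (not invoked here).
    print(resolve_unrestricted("subprocess.getoutput").__name__)
    print(handle_reindex({}, "transforms.upper"))
    print(handle_reindex({"reindex": True}, "subprocess.getoutput"))
    print(handle_reindex({"reindex": True}, "transforms.upper"))
```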
