CVE-2026-58449
CriticalCVSS 9.8Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
A vulnerability in txtai up to version 9.10.0 (fixed in commit 11b32da) allows remote code execution via the /reindex API endpoint. The function body parameter is resolved by txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path without any allowlist.
Risk Assessment
If the API is exposed without a configured TOKEN (authentication is opt-in) and the index is writable, an attacker can remotely execute arbitrary code on the server, e.g., via subprocess.getoutput. The risk is high but requires specific deployment conditions.
Recommendation
Immediately update txtai to a version containing commit 11b32da or later. Additionally, configure an authentication TOKEN for the API and set the index to read-only if possible.
Original NVD description (English source)
txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs __import__ and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured (authentication is opt-in, so all endpoints are unauthenticated) and the index is configured writable, a remote attacker can set function to an arbitrary callable such as subprocess.getoutput, achieving remote code execution as the server process during reindexing. Exploitation requires those deployment conditions (API exposed, no TOKEN, writable index); it is not the default configuration. The fix gates the endpoint behind a new reindex configuration flag.

