Lucene search
K

4 matches found

EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40418

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References5
NVD
NVD
added 2026/06/30 10:16 p.m.8 views

CVE-2026-58449

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS0.00725EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 9:6 p.m.33 views

CVE-2026-58449 txtai - Unauthenticated Remote Code Execution via Unsafe Reflection in API /reindex function Parameter

txtai through 9.10.0, fixed in commit 11b32da, exposes an API /reindex endpoint whose function body parameter is resolved through txtai.util.Resolver, which performs import and getattr on the caller-supplied dotted path with no allowlist. When the API is exposed with no TOKEN configured...

9.8CVSS0.00725EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.4 views

PT-2026-53998

Name of the Vulnerable Software and Affected Versions txtai versions prior to 9.10.1 Description The software exposes an API endpoint '/reindex' where the function body parameter is processed by txtai.util.Resolver. This resolver performs import and getattr on a dotted path provided by the user...

9.8CVSS6.5AI score0.00725EPSS
Exploits0References7
Rows per page
Query Builder