CVE-2026-58449
neuml · txtai
The txtai API /reindex endpoint is vulnerable to remote code execution due to improper input validation in the function parameter, which allows arbitrary code execution if authentication is disabled.
Executive summary
A critical remote code execution vulnerability in txtai allows unauthorized attackers to run arbitrary commands on the server when the API is exposed without token-based authentication.
Vulnerability
The /reindex endpoint fails to validate the function body parameter, which is resolved via txtai.util.Resolver. When the API is deployed without a mandatory TOKEN, an unauthenticated attacker can supply a malicious callable, such as subprocess.getoutput, to execute commands on the host.
Business impact
With a CVSS score of 9.8, this vulnerability allows an attacker to gain full command execution under the privileges of the application process. This could lead to complete system takeover, unauthorized access to the underlying data, and the ability to move laterally within the environment.
Remediation
Immediate Action: Update txtai to the latest version and ensure that the new reindex configuration flag is properly implemented to secure the endpoint.
Proactive Monitoring: Review application logs for unauthorized calls to the /reindex endpoint and monitor for unexpected subprocess creation or shell activity emanating from the txtai process.
Compensating Controls: Immediately enable token-based authentication for the txtai API and place the service behind a Web Application Firewall (WAF) to filter suspicious requests attempting to reach the /reindex endpoint.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations using txtai must treat this as a critical update. If the API is currently exposed without authentication, it is highly recommended to take the service offline until the patch is applied and security tokens are correctly configured to prevent unauthorized command execution.