A vulnerability marked as critical has been reported in neuml txtai up to 9.10.0. Affected is the function txtai.util.Resolver of the component Fix Gates Endpoint. The manipulation leads to code injection.

This vulnerability is uniquely identified as CVE-2026-58449. The attack is possible to be carried out remotely. No exploit exists.

It is suggested to upgrade the affected component.