An issue was discovered in llama_index before 0.10.38. download/integration.py includes an exec call for import {cls_name}.
download/integration.py
import {cls_name}
"https://github.com/pypa/advisory-database/blob/main/vulns/llama-index-core/PYSEC-2026-395.yaml"