CVE-2026-59093: Weaviate before 1.38.0 does not verify that a principal performing an RBAC role assignment holds the permissions granted | AI Sec Watch