diff --git a/stubs/Reflection.phpstub b/stubs/Reflection.phpstub
index 82d2090cc..43b74f879 100644
--- a/stubs/Reflection.phpstub
+++ b/stubs/Reflection.phpstub
@@ -15,6 +15,7 @@ class ReflectionClass implements Reflector {
     /**
      * @param T|class-string<T>|interface-string<T>|trait-string|enum-string<T> $argument
      * @psalm-pure
+     * @psalm-taint-sink callable $argument
      */
     public function __construct($argument) {}
 
@@ -411,6 +412,11 @@ abstract class ReflectionFunctionAbstract implements Reflector
     /** @psalm-pure */
     public function getClosure(): Closure {}
 
+    /**
+     * @psalm-taint-sink callable $function
+     */
+    public function __construct(callable $function) {}
+
     /**
      * @since 8.0
      * @template TClass as object
diff --git a/tests/TaintTest.php b/tests/TaintTest.php
index e0610c802..62e45c108 100644
--- a/tests/TaintTest.php
+++ b/tests/TaintTest.php
@@ -2488,6 +2488,19 @@ class TaintTest extends TestCase
                 'code' => '<?php
                     echo pg_escape_string($conn, $_GET["a"]);',
                 'error_message' => 'TaintedHtml',
+            'taintedReflectionClass' => [
+                'code' => '<?php
+                    $name = $_GET["name"];
+                    $reflector = new ReflectionClass($name);
+                    $reflector->newInstance();',
+                'error_message' => 'TaintedCallable',
+            ],
+            'taintedReflectionFunction' => [
+                'code' => '<?php
+                    $name = $_GET["name"];
+                    $function = new ReflectionFunction($name);
+                    $function->invoke();',
+                'error_message' => 'TaintedCallable',
             ],
         ];
     }