Description

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

PUBLISHED | Reserved 2026-04-20 | Published 2026-06-04 | Updated 2026-06-04 | Assigner mitre




CRITICAL: 9.9 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Problem types

CWE-863 Incorrect Authorization

Product status

Default status: unaffected

20.0.0 (semver) before 20.1.1: affected

21.0.0 (semver): affected

22.0.0 (semver): affected

References

www.openwall.com/lists/oss-security/2026/06/03/14

github.com/openstack/mistral/tags

security.openstack.org/ossa/OSSA-2026-020.html

cve.org (CVE-2026-41283)

nvd.nist.gov (CVE-2026-41283)
