CVE-2026-41283
Awaiting Analysis
Awaiting Analysis - Queue
Arbitrary Remote Code Execution in OpenStack Mistral
Vulnerability report for CVE-2026-41283, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-06-04
Last updated on: 2026-07-08
Assigner: MITRE
Description
Description
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | mistral | From 20.0.0 (inc) to 20.1.1 (exc) |
| openstack | mistral | 21.0.0 |
| openstack | mistral | 22.0.0 |
| openstack | mistral | 2024.2-eol |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-749 | The product provides an Applications Programming Interface (API) or similar interface for interaction with external actors, but the interface includes a dangerous method or function that is not properly restricted. |
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |