CVE-2026-41283
Awaiting Analysis
Awaiting Analysis - Queue
Arbitrary Remote Code Execution in OpenStack Mistral
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Description
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | mistral | From 20.0.0 (inc) to 20.1.1 (exc) |
| openstack | mistral | 21.0.0 |
| openstack | mistral | 22.0.0 |
| openstack | mistral | 2024.2-eol |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |