CVE-2026-41283
Arbitrary Remote Code Execution in OpenStack Mistral

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: MITRE

Description
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Meta Information
Published: 2026-06-04
Last Modified: 2026-06-04
Generated: 2026-06-24
AI Q&A: 2026-06-04
EPSS Evaluated: 2026-06-23
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
openstack mistral From 20.0.0 (inc) to 20.1.1 (exc)
openstack mistral 21.0.0
openstack mistral 22.0.0
openstack mistral 2024.2-eol
CWE
CWE-863: The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Executive Summary

CVE-2026-41283 is a vulnerability in OpenStack Mistral that allows arbitrary remote code execution when the API is exposed.

Specifically, certain endpoints permit authenticated users to bypass policy enforcement, create public resources, and upload arbitrary code that executes on Mistral executor workers.

This flaw enables attackers to run malicious code remotely and potentially extract sensitive information such as service credentials.

Impact Analysis

This vulnerability can have severe impacts including complete compromise of the affected system.

  • An attacker with authenticated access can execute arbitrary code remotely on Mistral executor workers.
  • Sensitive data, including service credentials, can be exfiltrated by the attacker.
  • The vulnerability has a high severity score (CVSS 9.9), indicating critical impact on confidentiality, integrity, and availability.
Mitigation Strategies

To mitigate CVE-2026-41283, you should upgrade OpenStack Mistral to a patched version. Multiple patches have been released addressing this issue across different Mistral versions, including 2025.1/epoxy, 2025.2/flamingo, 2026.1/gazpacho, and 2026.2/hibiscus.

Avoid exposing the Mistral API publicly to reduce the risk of exploitation.

If you are using older or end-of-life releases such as 2024.2-eol, consider upgrading to a supported version to ensure you receive security updates.

Compliance Impact

The vulnerability in OpenStack Mistral allows arbitrary remote code execution and exfiltration of service credentials, which can lead to unauthorized access to sensitive data.

Such unauthorized access and potential data breaches could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and proper access controls.

Exfiltration of service credentials and execution of arbitrary code represent significant security failures that may result in violations of data protection requirements under these regulations.

Detection Guidance

This vulnerability affects OpenStack Mistral versions >=20.0.0 <20.1.1, ==21.0.0, and ==22.0.0 when the Mistral API is exposed. Detection involves identifying if your deployment is running one of these vulnerable versions and if the Mistral API endpoints are accessible.

To detect the vulnerability on your system, you should first verify the Mistral version installed. For example, you can run a command on the system hosting Mistral to check the version:

  • mistral --version

Next, check if the Mistral API is exposed and accessible from your network. You can use curl or similar tools to query the API endpoints that are known to be vulnerable to arbitrary code execution. For example:

  • curl -v http://<mistral-api-endpoint>/v2/executions

Since the vulnerability allows authenticated users to create public resources and upload arbitrary code, testing for policy enforcement bypass requires authenticated API requests. You can attempt to authenticate and then test creating public resources or uploading workflows to see if access controls are enforced.

There are no specific detection commands provided in the resources, but the general approach is to verify the version, confirm API exposure, and test for unauthorized resource creation or code execution capabilities.
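The first step above, checking the installed version against the affected ranges, is easy to get wrong by hand. The following is an added example (not code from the OpenStack project or from this record) that parses the output of mistral --version and compares it against the ranges listed in the CPE table above; the exact output format of mistral --version is assumed to end in a dotted numeric version.

```python
"""Check whether an installed Mistral version falls inside the affected
ranges listed on the CVE-2026-41283 record (constructed example, not
OpenStack project code)."""
import re
from typing import Optional, Tuple

Version = Tuple[int, ...]

# Ranges copied from the record's CPE table, as (lower inclusive, upper exclusive).
# A single listed release such as 21.0.0 becomes [21.0.0, 21.0.1).
# Caveat: the CVE description says "through 22.0.0", which is broader than
# this table; the table is used here, so treat an unlisted version as
# "not listed", not as "safe".
AFFECTED_RANGES = [
    ((20, 0, 0), (20, 1, 1)),
    ((21, 0, 0), (21, 0, 1)),
    ((22, 0, 0), (22, 0, 1)),
]


def parse_version(text: str) -> Optional[Version]:
    """Extract the last dotted numeric version from text such as
    'mistral 21.0.0'; return None if no version is present.
    Short versions are padded so '21.0' compares like 21.0.0."""
    matches = re.findall(r"(?<![\d.])(\d+(?:\.\d+)+)(?![\d.])", text)
    if not matches:
        return None
    parts = tuple(int(p) for p in matches[-1].split("."))
    return parts + (0,) * (3 - len(parts)) if len(parts) < 3 else parts


def is_affected(version_text: str) -> bool:
    """True if the parsed version lies inside any listed range.
    Unparseable input raises so it is never silently reported as safe."""
    version = parse_version(version_text)
    if version is None:
        raise ValueError(f"no numeric version found in {version_text!r}")
    return any(lo <= version < hi for lo, hi in AFFECTED_RANGES)


if __name__ == "__main__":
    # Constructed sample outputs, not captured from a real deployment.
    for sample in ["mistral 20.0.5", "mistral 20.1.1", "21.0.0", "22.0.1"]:
        print(sample, "->", "affected" if is_affected(sample) else "not listed")
```

In practice, feed it the real output, e.g. `is_affected(subprocess.check_output(["mistral", "--version"], text=True))`, and follow up with the API exposure check described above.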
