CVE-2026-41283

critical

Description

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

References

https://www.openwall.com/lists/oss-security/2026/06/03/14

https://security.openstack.org/ossa/OSSA-2026-020.html

https://github.com/openstack/mistral/tags

http://www.openwall.com/lists/oss-security/2026/06/03/14

Details

Source: Mitre, NVD

Published: 2026-06-04

Updated: 2026-06-04

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00183

Detections

Analytics