CVE-2026-41283

critical

Description

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

References

https://www.openwall.com/lists/oss-security/2026/06/03/14

https://github.com/openstack/mistral/tags

http://www.openwall.com/lists/oss-security/2026/06/03/14

Details

Source: Mitre, NVD

Published: 2026-06-04

Updated: 2026-06-04

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.9

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: Critical

Detections

Analytics