CVE-2026-41283

Summary

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Affected Software

VendorProductVersion RangeStatus
OpenStackMistral20.0.0 < 20.1.1affected
OpenStackMistral21.0.0affected
OpenStackMistral22.0.0affected

Weaknesses

  • CWE-863: CWE-863 Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

openstack-mistral: OpenStack Mistral: Arbitrary Remote Code Execution via exposed API endpoints

Additional References

References