CVSS 9.9 · CRITICAL
CVE-2026-41283
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Analysis
OpenStack Mistral, the cloud workflow service, is vulnerable to remote code execution when its API is exposed. This critical flaw allows attackers to execute arbitrary code and exfiltrate service credentials, posing a severe risk to cloud infrastructure security.
Relevant roles
Backend, Python, CyberSecurity, Cloud, Linux
Severity
Score: 9.9 (CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness (CWE):
CWE-863
EPSS
No EPSS score yet (CVE may be too fresh).
Published: 6/4/2026, 4:17:12 AM
Last modified: 6/4/2026, 7:16:26 AM