CVSS 9.9 · CRITICAL

CVE-2026-41283

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.


Analysis

OpenStack Mistral, the cloud workflow service, is vulnerable to remote code execution when its API is exposed. This critical flaw allows attackers to execute arbitrary code and exfiltrate service credentials, posing a severe risk to cloud infrastructure security.

Relevant roles

Backend, Python, CyberSecurity, Cloud, Linux

Severity

Score: 9.9 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
AV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Weakness type (CWE): CWE-863

EPSS

No EPSS score yet (very recent CVE).

Technical description

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Published: 4/6/2026, 4:17:12
Last modified: 4/6/2026, 7:16:26
