CVSS 9.9 · CRITICAL
CVE-2026-41283
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Ver en NVDAnálisis
OpenStack Mistral, the cloud workflow service, is vulnerable to remote code execution when its API is exposed. This critical flaw allows attackers to execute arbitrary code and exfiltrate service credentials, posing a severe risk to cloud infrastructure security.
Roles relevantes
BackendPythonCyberSecurityCloudLinux
Severidad
Puntaje: 9.9(CRITICAL)
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HAV: NETWORK
AC: LOW
PR: LOW
UI: NONE
S: CHANGED
C: HIGH
I: HIGH
A: HIGH
Tipo de falla (CWE):
CWE-863CWE-749EPSS
Probabilidad de explotación (próx. 30 días): 0.0073 (0.7%)
Percentil: 50.1%
EPSS: 2026-07-14
Descripción técnica
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Publicada: 4/6/2026, 4:17:12
Última modificación: 15/7/2026, 2:21:15
Referencias
- https://github.com/openstack/mistral/tags
- https://security.openstack.org/ossa/OSSA-2026-020.html
- https://www.openwall.com/lists/oss-security/2026/06/03/14
- http://www.openwall.com/lists/oss-security/2026/06/03/14
- https://access.redhat.com/security/cve/CVE-2026-41283
- https://bugzilla.redhat.com/show_bug.cgi?id=2484607
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json