CVE-2026-41283
CriticalCVSS 9.9Exploitation Probability (EPSS)
Low risk50th percentile — higher than 50% of all known CVEs
Summary
A vulnerability in OpenStack Mistral up to version 22.0.0 allows arbitrary remote code execution when the API is exposed. Endpoints exist that permit code execution, which can lead to exfiltration of service credentials.
Risk Assessment
The risk for the organization includes full compromise of the Mistral service and theft of credentials, potentially enabling further access to the cloud infrastructure.
Recommendation
Immediately restrict access to the Mistral API to trusted networks only and apply security patches once released by the vendor.
Original NVD description (English source)
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

