CVE Catalog

CVE-2026-41283

CriticalCVSS 9.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.73%

50th percentile — higher than 50% of all known CVEs

Summary

A vulnerability in OpenStack Mistral up to version 22.0.0 allows arbitrary remote code execution when the API is exposed. Endpoints exist that permit code execution, which can lead to exfiltration of service credentials.

Risk Assessment

The risk for the organization includes full compromise of the Mistral service and theft of credentials, potentially enabling further access to the cloud infrastructure.

Recommendation

Immediately restrict access to the Mistral API to trusted networks only and apply security patches once released by the vendor.

Original NVD description (English source)

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS