← back
CVE-2026-41283

CVE-2026-41283

CVSS 9.9 CRITICALEPSS 0.7%CWE-863
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
OpenStack · Mistral

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/openstack/mistral/tagshttps://security.openstack.org/ossa/OSSA-2026-020.htmlhttps://www.openwall.com/lists/oss-security/2026/06/03/14http://www.openwall.com/lists/oss-security/2026/06/03/14