CVE-2026-41283
Published 2026-06-04
Priority: P2 · 69 · critical · CVSS 3.1 base score 9.9
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.73% (49.7th percentile)
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Affected (5 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openstack | mistral | — | — |
| openstack | mistral | — | — |
| openstack | mistral | >= 20.0.0 < 20.1.1 | 20.1.1 |
| redhat | openstack-mistral | — | — |
| ubuntu | mistral | — | — |
Detection & IOCs (extracted from sources)
- Monitor for exploitation of OpenStack Mistral API endpoints that allow code execution; focus on unexpected process spawning from Mistral worker processes.
- Alert on inbound connections to the Mistral API on TCP port 8989 from untrusted or external sources.
- Investigate Mistral worker processes for signs of credential exfiltration following unexpected API calls; the vulnerability allows extraction of sensitive service credentials.
- Audit OpenStack Mistral API access logs for requests to code-execution-capable endpoints, particularly from unauthenticated or unauthorized principals, as access policies were not properly enforced.
- Context: the Mistral API is only exploitable when exposed; deployments with the API restricted to trusted internal networks are at significantly reduced risk.
- Context: TCP port 8989 is the typical Mistral API port; verify the actual configured port in your deployment before applying firewall mitigations.
- Context: Red Hat OpenStack Platform 16.2 (openstack-mistral package) is confirmed affected; all versions through 22.0.0 are vulnerable.
CVSS provenance
- NVD (v3.1): 9.9 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
- Red Hat (vendor): 9.9 CRITICAL
Ubuntu
Mistral vulnerability
Source: vendor_ubuntu · 2026-06-11
CVE-2026-41283 Mistral vulnerability
Title: Mistral vulnerability
Summary: Mistral could be made to expose sensitive information or run code.
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
openstack-mistral: OpenStack Mistral: Arbitrary Remote Code Execution via exposed API endpoints
Source: vendor_redhat · 2026-06-04 · CVSS 9.9
CVE-2026-41283 [CRITICAL] CWE-749 openstack-mistral: OpenStack Mistral: Arbitrary Remote Code Execution via exposed API endpoints
A flaw was found in OpenStack Mistral. When the API is exposed, a remote attacker can exploit certain endpoints to achieve arbitrary code execution. This allows the attacker to run malicious code on the system and potentially exfiltrate sensitive service credentials.
Mitigation: Restrict network access to the OpenStack Mistral API to trusted internal networks or hosts. Configure firewall rules to limit inbound connections to the Mistral API port (typically 8989) from untrusted sources, ensuring th
GHSA
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed.
Source: ghsa_unreviewed · 2026-06-04
CVE-2026-41283 [CRITICAL] CWE-863
No detection rules found.
No public exploits indexed.
References:
- https://github.com/openstack/mistral/tags
- https://security.openstack.org/ossa/OSSA-2026-020.html
- https://www.openwall.com/lists/oss-security/2026/06/03/14
- http://www.openwall.com/lists/oss-security/2026/06/03/14
- https://access.redhat.com/security/cve/CVE-2026-41283
- https://bugzilla.redhat.com/show_bug.cgi?id=2484607
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json