CVE-2026-41283
published 2026-06-04


Priority: P2 (69)
Severity: critical, 9.9 (CVSS 3.1)
Vector: AV:N / AC:L / PR:L / UI:N / S:C / C:H / I:H / A:H
EPSS: 0.73% (49.7th percentile)
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Affected (5 ranges)

Vendor      Product            Version range          Fixed in
openstack   mistral            -                      -
openstack   mistral            -                      -
openstack   mistral            >= 20.0.0 < 20.1.1     20.1.1
redhat      openstack-mistral  -                      -
ubuntu      mistral            -                      -

Detection & IOCs (extracted from sources)

  • Monitor for exploitation of the OpenStack Mistral API endpoints that allow code execution; focus on unexpected process spawning from Mistral worker processes
  • Alert on inbound connections to the Mistral API on TCP port 8989 from untrusted or external sources
  • Investigate Mistral worker processes for signs of credential exfiltration following unexpected API calls; the vulnerability allows extraction of sensitive service credentials
  • Audit Mistral API access logs for requests to code-execution-capable endpoints, particularly from unauthenticated or unauthorized principals, since access policies were not properly enforced
  • The Mistral API is only exploitable when exposed; deployments with the API restricted to trusted internal networks are at significantly reduced risk
  • TCP port 8989 is the typical Mistral API port; verify the actual configured port in your deployment before applying firewall mitigations
  • Red Hat OpenStack Platform 16.2 (openstack-mistral package) is confirmed affected; all versions through 22.0.0 are vulnerable
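The log-audit and network-exposure checks above, as an added example that is not part of this advisory and not code from the Mistral project or any vendor. It assumes a constructed access-log format (timestamp, client IP, authenticated principal or "-", request line, status); real Mistral API logs differ, so adapt LINE_RE. The trusted networks and the watched /v2 path prefixes are operator-supplied assumptions: the page does not name the vulnerable endpoints, only that they are code-execution-capable, so the prefixes below are Mistral v2 resources whose write operations carry workflow or action definitions and should be confirmed against your vendor advisory.

```python
"""Flag Mistral API requests that match the detection guidance above."""
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed trusted management networks; replace with your own.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

# Assumed watch-list: Mistral v2 resources whose write operations submit workflow
# or action definitions for execution. The advisory does not name the endpoints.
WATCHED_PREFIXES = ("/v2/workbooks", "/v2/workflows", "/v2/actions",
                    "/v2/executions", "/v2/action_executions")
WRITE_METHODS = {"POST", "PUT", "PATCH"}

# Constructed format: <ts> <client_ip> <principal|-> "<METHOD> <path> HTTP/x.y" <status>
LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<ip>\S+) (?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


@dataclass(frozen=True)
class Finding:
    ts: str
    ip: str
    user: str
    method: str
    path: str
    status: int
    reasons: tuple


def is_trusted(ip: str) -> bool:
    """True when the client address falls inside an allow-listed network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # unparseable source address: treat as untrusted
    return any(addr in net for net in TRUSTED_NETS)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding with one or more reasons, or None for benign or unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"].split("?", 1)[0]  # drop the query string before prefix matching
    watched = any(path == p or path.startswith(p + "/") for p in WATCHED_PREFIXES)
    reasons = []
    if not is_trusted(m["ip"]):
        reasons.append("untrusted-source")          # API reached from outside trusted nets
    if watched and m["method"] in WRITE_METHODS:
        reasons.append("code-exec-capable-write")   # definition submitted to the engine
    if watched and m["user"] == "-":
        reasons.append("unauthenticated-principal")  # no identity on a watched endpoint
    if not reasons:
        return None
    return Finding(m["ts"], m["ip"], m["user"], m["method"], path,
                   int(m["status"]), tuple(reasons))


def scan(lines: Iterable[str]) -> List[Finding]:
    """Classify every line and keep only those with at least one reason."""
    return [f for f in (classify(line) for line in lines) if f is not None]


def sources_by_hits(findings: Iterable[Finding]) -> Counter:
    """Count flagged requests per client IP, for triage ordering."""
    return Counter(f.ip for f in findings)


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2026-06-04T10:00:01Z 10.1.2.3 admin "GET /v2/workflows HTTP/1.1" 200',
    '2026-06-04T10:00:02Z 203.0.113.7 - "POST /v2/actions HTTP/1.1" 201',
    '2026-06-04T10:00:03Z 10.1.2.9 svc-mistral "POST /v2/executions?x=1 HTTP/1.1" 201',
    '2026-06-04T10:00:04Z 198.51.100.4 bob "GET /v2/executions HTTP/1.1" 200',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.user} {f.method} {f.path} {f.status} -> {', '.join(f.reasons)}")
    print(sources_by_hits(scan(SAMPLE_LOG)))
```

A request from an untrusted source that is also an unauthenticated write to a watched path collects all three reasons, which is the combination the advisory's access-policy failure makes possible; a write from a trusted host by a named principal is still reported, since the page does not say authorized users are safe, only that policy was not enforced. If your deployment runs the API on a port other than 8989, the port matters for the firewall rule, not for this log check, which keys on client address and path.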

CVSS provenance

nvd (v3.1): 9.9 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
vendor_redhat: 9.9 CRITICAL