CVE-2026-41283

EUVD-2026-34201
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
Debian logo
Debian Releases
Debian Product
Codename
mistral
bookworm
vulnerable
bullseye
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
Common Weakness Enumeration
References
https://github.com/openstack/mistral/tags
https://security.openstack.org/ossa/OSSA-2026-020.html
https://www.openwall.com/lists/oss-security/2026/06/03/14
http://www.openwall.com/lists/oss-security/2026/06/03/14