CVE 9.9 CRITICAL

CVE-2026-41283_CVE-2026-41283

June 4, 2026 invoker category_cve

9.9 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

AI Analysis

Arbitrary Remote Code Execution in OpenStack Mistral through 22.0.0

Basic Information

ID CVE-2026-41283

Source mitre

Published Jun 4, 2026 at 00:00

Modified Jun 4, 2026 at 03:44

Affected Product

Vendor OpenStack

Product Mistral

Version 20.0.0

Affected Versions OpenStack Mistral 20.0.0
OpenStack Mistral 21.0.0
OpenStack Mistral 22.0.0

CWE Classification

CWE-863

AI Assessment

AI Score 9.9 / 10

AI Severity Critical

Vendor OpenStack

Product Mistral

Version 20.0.0, 21.0.0, 22.0.0

References

{
    "lastseen": "",
    "description": "OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.",
    "published": "2026-06-04T00:00:00.000Z",
    "modified": "2026-06-04T03:44:52.568Z",
    "type": "cve",
    "title": "CVE-2026-41283",
    "source": "mitre",
    "references": "https://github.com/openstack/mistral/tags\nhttps://www.openwall.com/lists/oss-security/2026/06/03/14",
    "id": "CVE-2026-41283",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "OpenStack Mistral 20.0.0\nOpenStack Mistral 21.0.0\nOpenStack Mistral 22.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 9.9,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Mistral",
    "version": "20.0.0",
    "vendor": "OpenStack",
    "ai_description": "Arbitrary Remote Code Execution in OpenStack Mistral through 22.0.0",
    "ai_severity": "Critical",
    "ai_vendor": "OpenStack",
    "ai_product": "Mistral",
    "ai_version": "20.0.0, 21.0.0, 22.0.0",
    "ai_score": 9.9
}

💭 Join the Security Discussion ❌ Cancel Reply