vulnerability context

CVE-2026-41283

CVSS 9.9 CRITICALEPSS 46%CWE-863

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Published 2026-06-04 · last modified 2026-06-04

details

CISA KEV status: Not in catalog
CVSS v3: 9.9 / CRITICAL
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 46% percentile (score 0.0023)
CWE: CWE-863

View on NVD → · cve.org

source mentions 5

[CVE Alerts ] CVE-2026-41283 - OpenStack Mistral Arbitrary Remote Code Execution CVE ID : CVE-2026-41283 Published : June 4, 20...Bluesky · 6d ago
[OffSequence] CRITICAL: Remote code execution in OpenStack Mistral (20.0.0 – 22.0.0) via exposed API (CVE-2026-41283). No patch ...Bluesky · 6d ago
[TheHackerWire] 🔴 CVE-2026-41283 - Critical (9.9) OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when...Bluesky · 6d ago
[InfoSec] [OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and ar...Bluesky · 6d ago
[OSSA-2026-020] OpenStack Mistral: Mistral policy enforcement bypass allows unauthorized public resource creation and arbitrary co...oss-security · 6d ago

source consensus

Bluesky4×
oss-security1×

Want the 3-bullet summary of CVE-2026-41283, plus webhook alerts when KEV is updated? Pro is $10/mo.

Open in reader See Pro →