CVE-2026-41283

Source
https://cve.org/CVERecord?id=CVE-2026-41283
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41283.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-41283
Downstream
Published
2026-06-04T00:00:00Z
Modified
2026-07-10T03:53:43.480813545Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Database specific
{
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "20.0.0"
                },
                {
                    "fixed": "20.1.1"
                }
            ]
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41283.json",
    "cna_assigner": "mitre",
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / github.com/openstack/mistral

Affected ranges

Type
GIT
Repo
https://github.com/openstack/mistral
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "DESCRIPTION"
    ],
    "extracted_events": [
        {
            "introduced": "21.0.0"
        },
        {
            "last_affected": "21.0.0"
        },
        {
            "introduced": "22.0.0"
        },
        {
            "last_affected": "22.0.0"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "22.0.0"
        }
    ]
}

Affected versions

21.*
21.0.0
21.0.0.0rc1
22.*
22.0.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-41283.json"