CVE-2026-41283

Source
https://cve.org/CVERecord?id=CVE-2026-41283
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41283.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-41283
Published
2026-06-04T00:00:00Z
Modified
2026-06-18T03:56:31.009656383Z
Severity
  • 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
[none]
Details

OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/41xxx/CVE-2026-41283.json",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "20.0.0"
                },
                {
                    "fixed": "20.1.1"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-863"
    ],
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/openstack/mistral

Affected ranges

Type
GIT
Repo
https://github.com/openstack/mistral
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed
Database specific
{
    "source": "DESCRIPTION",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "22.0.0"
        }
    ]
}

Affected versions

0.*
0.0.1
0.0.2
0.0.3
0.0.4
0.1
0.1.1
1.*
1.0.0.0b1
1.0.0.0b2
1.0.0.0b3
1.0.0.0rc1
10.*
10.0.0
10.0.0.0b1
10.0.0.0b2
10.0.0.0b3
10.0.0.0rc1
11.*
11.0.0
11.0.0.0rc1
12.*
12.0.0
12.0.0.0rc1
13.*
13.0.0
13.0.0.0rc1
14.*
14.0.0
14.0.0.0rc1
15.*
15.0.0
15.0.0.0rc1
16.*
16.0.0
16.0.0.0b1
16.0.0.0rc1
17.*
17.0.0
17.0.0.0rc1
18.*
18.0.0
18.0.0.0rc1
18.0.1
19.*
19.0.0
19.0.0.0rc1
2.*
2.0.0.0b1
2.0.0.0b2
2.0.0.0b3
2.0.0.0rc1
20.*
20.0.0
20.0.0.0rc1
2015.*
2015.1.0b1
2015.1.0b2
2015.1.0b3
2015.1.0rc1
21.*
21.0.0
21.0.0.0rc1
3.*
3.0.0.0b1
3.0.0.0b2
3.0.0.0b3
3.0.0.0rc1
4.*
4.0.0.0b1
4.0.0.0b2
4.0.0.0b3
4.0.0.0rc1
5.*
5.0.0
5.0.0.0b1
5.0.0.0b2
5.0.0.0b3
5.0.0.0rc1
6.*
6.0.0
6.0.0.0b1
6.0.0.0b2
6.0.0.0b3
6.0.0.0rc1
7.*
7.0.0
7.0.0.0b1
7.0.0.0b2
7.0.0.0b3
7.0.0.0rc1
8.*
8.0.0.0b1
8.0.0.0b2
8.0.0.0rc1
9.*
9.0.0.0b1
9.0.0.0rc1
Other
juno-eol
poc
ussuri-em
victoria-em
wallaby-em
xena-em

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-41283.json"