DEBIAN-CVE-2026-41283
- Source
- https://security-tracker.debian.org/tracker/CVE-2026-41283
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2026-41283.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2026-41283
- Upstream
- Published
- 2026-06-04T04:17:12.700Z
- Modified
- 2026-06-15T19:06:26.824226355Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
- References
Affected packages
Debian:11 / mistral
Package
- Name
- mistral
- Purl
- pkg:deb/debian/mistral?arch=source&distro=bullseye
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
11.*
11.0.0-2
12.*
12.0.0~rc1-1
12.0.0-1
12.0.0-2
13.*
13.0.0~rc1-1
13.0.0~rc1-2
13.0.0-1
13.0.0-2
13.0.0-3
14.*
14.0.0~rc1-1
14.0.0-1
14.0.0-2
15.*
15.0.0~rc1-1
15.0.0~rc1-3
15.0.0-1
16.*
16.0.0~rc1-1
16.0.0-1
16.0.0-2
16.0.0-3
16.0.0-4
17.*
17.0.0~rc1-1
17.0.0-1
17.0.0-2
17.0.0-3
18.*
18.0.0~rc1-1
18.0.1-1
19.*
19.0.0~rc1-1
19.0.0~rc1-2
19.0.0-1
19.0.0-2
20.*
20.0.0~rc1-1
20.0.0~rc1-2
20.0.0-1
20.0.0-2
21.*
21.0.0~rc1-1
21.0.0~rc1-2
21.0.0-1
21.0.0-2
21.0.0-4
21.0.0-5
21.0.0-6
22.*
22.0.0~rc1-1
22.0.0~rc1-2
22.0.0~rc1-3
22.0.0-1
Debian:12 / mistral
Package
- Name
- mistral
- Purl
- pkg:deb/debian/mistral?arch=source&distro=bookworm
Debian:13 / mistral
Package
- Name
- mistral
- Purl
- pkg:deb/debian/mistral?arch=source&distro=trixie
Debian:14 / mistral
Package
- Name
- mistral
- Purl
- pkg:deb/debian/mistral?arch=source&distro=forky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected