Summary
A critical severity remote code execution (RCE) vulnerability has been disclosed in OpenStack Mistral, the workflow service component of the OpenStack cloud platform. Tracked as CVE-2026-41283 with a CVSS score of 9.9, the flaw allows unauthenticated or low-privilege attackers to execute arbitrary remote code when the Mistral API is publicly exposed — enabling full service credential exfiltration.
Vulnerability Details
| Field | Details |
|---|---|
| CVE ID | CVE-2026-41283 |
| CVSS Score | 9.9 (Critical) |
| Affected Software | OpenStack Mistral through version 22.0.0 |
| Attack Vector | Network |
| Authentication Required | Minimal (API exposure) |
| Impact | Remote Code Execution, Credential Exfiltration |
Technical Description
OpenStack Mistral is the workflow-as-a-service component of OpenStack, used to orchestrate long-running cloud tasks and automation pipelines. The vulnerability exists in specific API endpoints that allow code execution without adequate authorization controls.
When the Mistral API is exposed to untrusted networks — a configuration common in multi-tenant OpenStack deployments — attackers can trigger these endpoints to:
- Execute arbitrary remote code in the context of the Mistral service
- Exfiltrate service credentials stored within the OpenStack environment
- Pivot laterally across the OpenStack infrastructure using stolen credentials
- Compromise tenant workloads through orchestration manipulation
The flaw stems from insufficient input validation and authorization enforcement in Mistral's workflow action execution pipeline, allowing crafted API requests to invoke system-level operations.
Affected Versions
All versions of OpenStack Mistral through 22.0.0 are confirmed vulnerable. There is currently no public patch available from the upstream OpenStack project as of the disclosure date.
Risk Assessment
This vulnerability carries an exceptionally high risk profile for organizations running OpenStack:
- Cloud infrastructure exposure: Mistral orchestrates critical workflows across OpenStack deployments; RCE here can cascade across the entire cloud stack
- Credential theft: Service account tokens and keystone credentials exposed through this path can enable complete cloud takeover
- Multi-tenant risk: Shared OpenStack environments face cross-tenant impact if the Mistral API is accessible within tenant networks
- Limited detection: Malicious API calls may blend with legitimate workflow activity in logs
Recommended Actions
- Restrict API access immediately: Use firewall rules or security groups to ensure the Mistral API (default port 8989) is reachable only from trusted networks
- Audit API exposure: Review OpenStack network topology to confirm Mistral endpoints are only reachable from trusted management networks
- Enable API authentication logging: Increase log verbosity on Mistral API calls to detect exploitation attempts
- Monitor for patches: Watch the OpenStack Security Advisories page for an official patch release
- Review service account permissions: Apply least-privilege principles to Mistral service accounts to limit blast radius if exploited
- Consider disabling Mistral: If workflows are not actively used, temporarily disable the Mistral service until a patch is available
Indicators of Compromise
Watch for the following signs of exploitation:
- Unexpected process spawning from the Mistral service user
- Unusual outbound network connections from OpenStack controller nodes
- Anomalous keystone token generation tied to Mistral service accounts
- Unexpected workflow executions in the Mistral audit log
- New OS user accounts or SSH key modifications on controller nodes
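One way to operationalize the first indicator above (unexpected process spawning from the Mistral service user) and the logging recommendation, as an added example that is not part of this advisory or of the Mistral project. It assumes the service runs as the OS user `mistral` and that process-execution telemetry is available in a constructed one-line-per-event format (`timestamp user=... parent=... exe=... args=...`); adapt the regex to auditd EXECVE records or your EDR's process telemetry.

```python
"""Flag process executions by the Mistral service account that fall outside
an expected allowlist. Added example; log format and allowlist are constructed
assumptions, not Mistral's own output."""
import re
from dataclasses import dataclass

# Constructed exec-event format: "<ts> user=<u> parent=<comm> exe=<path> args=<argv>"
EVENT_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) parent=(?P<parent>\S+) "
    r"exe=(?P<exe>\S+) args=(?P<args>.*)$"
)

# Binaries the Mistral service is expected to execute (assumed; tune per deployment).
EXPECTED_EXE = {"/usr/bin/python3", "/usr/bin/mistral-server", "/usr/bin/mistral-executor"}
# Shells and download/remote-access tools run by a service account are a strong signal.
SUSPICIOUS_EXE = {"/bin/sh", "/bin/bash", "/usr/bin/curl", "/usr/bin/wget", "/usr/bin/ssh"}


@dataclass
class Finding:
    ts: str
    exe: str
    args: str
    reason: str


def scan_exec_events(lines, service_user="mistral"):
    """Return a Finding for every event where the service user ran something unexpected."""
    findings = []
    for line in lines:
        m = EVENT_RE.match(line.strip())
        if not m or m["user"] != service_user:
            continue  # unparseable, or not the Mistral service account
        exe = m["exe"]
        if exe in SUSPICIOUS_EXE:
            findings.append(Finding(m["ts"], exe, m["args"], "shell or network tool spawned by service account"))
        elif exe not in EXPECTED_EXE:
            findings.append(Finding(m["ts"], exe, m["args"], "binary outside Mistral allowlist"))
    return findings


# Constructed sample telemetry: one benign Mistral event, one event from another
# service user (ignored), and two events that should be flagged.
SAMPLE_EVENTS = [
    "2026-05-01T10:00:01Z user=mistral parent=systemd exe=/usr/bin/python3 args=/usr/bin/mistral-server --server api",
    "2026-05-01T10:00:05Z user=nova parent=systemd exe=/bin/sh args=-c /usr/bin/nova-rootwrap",
    "2026-05-01T10:02:11Z user=mistral parent=python3 exe=/bin/sh args=-c id",
    "2026-05-01T10:02:12Z user=mistral parent=sh exe=/usr/bin/curl args=-s http://198.51.100.7/",
]

if __name__ == "__main__":
    for f in scan_exec_events(SAMPLE_EVENTS):
        print(f"{f.ts} {f.reason}: {f.exe} {f.args}")
```

Pair this with the outbound-connection and keystone-token indicators from the same list, since a single flagged exec event is only the starting point of an investigation.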