CVE-2026-41283: OpenStack Mistral through 22
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Metrics
- CVSS v3.1: 9.9
- Severity: CRITICAL
- Fixed in: 20.1.1
- Affected Products: 1
HarborGuard Analysis
Synopsis
An arbitrary remote code execution vulnerability affects OpenStack Mistral through version 22.0.0. The affected API endpoints can be reached over the network by any authenticated user with a low-privilege account, requiring no victim interaction. Successful exploitation gives an attacker full code execution on the server, with access to service credentials and the ability to read, modify, or destroy data. A patched-image rebuild at version 20.1.1 is available on HarborGuard for environments running an affected version.
HarborGuard Coverage
Detection of CVE-2026-41283 is available across every HarborGuard environment. The CVE is matched against customer images within minutes of publication, covering images pulled from upstream registries as well as custom-built images that bundle Mistral directly.
HarborGuard scores this finding at CVSS 9.9 (Critical) and weights it against each environment's compliance policy to determine urgency. Triage routing to the appropriate team inbox within each customer organization is available automatically based on policy configuration.
A patched-image rebuild pinned to Mistral 20.1.1 is available on HarborGuard for any environment where the detected version falls in the affected range. For customers who opt into auto-remediation, HarborGuard rebuilds the image, runs a regression test suite, and opens a PR against affected workloads; median time from CVE publication to merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled.
Exploit Conditions
- Network reachability: Required
The attacker must reach the Mistral API over the network; any internet- or intranet-exposed deployment is in scope.
- Authentication: Required
A low-privilege account is sufficient; no administrative rights are needed to reach the vulnerable endpoints.
- Victim interaction: Not required
No user action or social engineering is needed; the attacker interacts directly with the API.
- Attack complexity: Low
The exploit is reliable and condition-free; no race conditions or special memory layout are required.
Blast Radius
- Attacker executes arbitrary code in the Mistral service process, gaining full control of the workflow engine.
- Service credentials (API keys, database passwords, inter-service tokens) stored or accessible by Mistral are exposed and can be exfiltrated.
- All data readable by the Mistral service, including workflow definitions and execution history, can be read or modified.
- The Mistral service and any dependent workflow jobs can be crashed or permanently disrupted.
How HarborGuard Handles This
Available on HarborGuard: detection for this critical RCE is active across all connected registries and CI pipelines, matching any image that packages OpenStack Mistral in the affected range (20.0.0 through 22.0.0; the fix ships in 20.1.1). For customers who opt into auto-remediation, a rebuild targeting Mistral 20.1.1 is queued automatically, followed by a regression run and a PR opened against affected workloads; median time to a merged patch PR for critical-severity issues is around 90 minutes for environments with auto-remediation enabled. Where compliance policy requires manual approval, the rebuilt image and diff are staged and ready for review in the HarborGuard dashboard. Until patching is complete, compensating controls such as network-policy rules that restrict Mistral API access to trusted source CIDRs and egress filtering on the Mistral pod can reduce the exploitable surface.
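The compensating controls named above, written out as a Kubernetes NetworkPolicy. This is an added example, not configuration from HarborGuard or from the Mistral project. It assumes Mistral runs in a namespace called mistral with its API pods labelled app=mistral-api, that the API listens on TCP 8989 (Mistral's default API port; adjust if your deployment differs), and that the 10.0.0.0/8 and 10.20.0.0/16 ranges are placeholders for your trusted client networks and for the backing database, message queue and Keystone endpoints respectively. A CNI that enforces NetworkPolicy (for example Calico or Cilium) is required for the rules to take effect.

```yaml
# Added example: restrict who can reach the Mistral API and where the
# Mistral pod may connect out to, as an interim control until the
# patched 20.1.1 image is rolled out.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: mistral-api-restrict
  namespace: mistral                # assumed namespace
spec:
  podSelector:
    matchLabels:
      app: mistral-api              # assumed pod label
  # Listing both types makes every ingress and egress flow not matched
  # below an implicit deny for the selected pods.
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only trusted source CIDRs may reach the API port.
    - from:
        - ipBlock:
            cidr: 10.0.0.0/8        # placeholder: trusted client networks
      ports:
        - protocol: TCP
          port: 8989                # assumed Mistral API port
  egress:
    # DNS resolution via the cluster resolver in kube-system.
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
    # Backing services only (database, message queue, Keystone);
    # no other outbound connections are permitted, which limits
    # credential exfiltration paths if the endpoint is abused.
    - to:
        - ipBlock:
            cidr: 10.20.0.0/16      # placeholder: internal service range
      ports:
        - protocol: TCP
          port: 5432                # placeholder: database
        - protocol: TCP
          port: 5672                # placeholder: message queue
        - protocol: TCP
          port: 5000                # placeholder: Keystone
```

Apply with kubectl apply -f and confirm from a pod outside the trusted CIDR that port 8989 is no longer reachable; widen the egress list only for destinations the workflow engine genuinely needs, since every extra allowed destination is a path service credentials could leave through.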
Fix available
- OpenStack / Mistral: < 20.1.1 (from 20.0.0) · 21.0.0 · 22.0.0
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H