CVE-2026-41283
Description
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Mitigation details
CVE-2026-41283 NameCVE-2026-41283 SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) Vulnerable and fixed packages The table below lists information on source packages. Source PackageReleaseVersionStatus mistral (PTS)bullseye11.0.0-2vulnerable bookworm15.0.0-1vulnerableβ¦
CVE-2026-41283
| Name | CVE-2026-41283 |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|---|---|---|
| mistral (PTS) | bullseye | 11.0.0-2 | vulnerable |
| bookworm | 15.0.0-1 | vulnerable | |
| trixie | 20.0.0-2 | vulnerable | |
| forky, sid | 22.0.0-1 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| mistral | source | (unstable) | (unfixed) |
Notes
https://www.openwall.com/lists/oss-security/2026/06/03/14
https://launchpad.net/bugs/2147178
Apply commands
https://www.openwall.com/lists/oss-security/2026/06/03/14https://launchpad.net/bugs/2147178OS impact
Debian Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | β |
| sid | Affected | β |
| forky | Affected | β |
| bullseye | Affected | β |
| bookworm | Affected | β |
References
CWEs
CWE-863
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.