OpenStack · Mistral · CVE-2026-41283
**Name of the Vulnerable Software and Affected Versions**
OpenStack Mistral versions prior to 22.0.0
**Description**
An issue exists where a policy enforcement bypass allows arbitrary remote code execution when the API is exposed. Specific API endpoints do not properly validate user-supplied inputs, enabling attackers to inject and execute malicious code on the hosting system without requiring authentication or user interaction. This can lead to the exfiltration of sensitive service credentials.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.