CRITICAL 9.9
GHSA-9hfw-w3f4-c4p8
OpenStack Mistral allows Arbitrary Remote Code Execution when the API is exposed
상세
OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
PyPI / mistral
No fixed version published yet for mistral (pip). Pin to a known-safe version or switch to an alternative.
PyPI / mistral
No fixed version published yet for mistral (pip). Pin to a known-safe version or switch to an alternative.
참고
- https://nvd.nist.gov/vuln/detail/CVE-2026-41283 [ADVISORY]
- https://access.redhat.com/security/cve/CVE-2026-41283 [WEB]
- https://bugzilla.redhat.com/show_bug.cgi?id=2484607 [WEB]
- https://github.com/openstack/mistral [PACKAGE]
- https://github.com/openstack/mistral/tags [WEB]
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-41283.json [WEB]
- https://security.openstack.org/ossa/OSSA-2026-020.html [WEB]
- https://www.openwall.com/lists/oss-security/2026/06/03/14 [WEB]
- http://www.openwall.com/lists/oss-security/2026/06/03/14 [WEB]