OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead to exfiltration of service credentials.
The OpenStack Mistral service exposes API endpoints that do not sufficiently restrict code execution (CWE-863 – improper authorization). An authenticated user with basic privileges (PR:L) can send a specially crafted request to such endpoints, causing arbitrary code execution on the server side. The vulnerability does not require user interaction on the victim side and has a scope extending beyond the vulnerable component (S:C), indicating the possibility of affecting other OpenStack infrastructure resources.
An attacker can gain full control over the server (high impact on confidentiality, integrity, and availability), as well as exfiltrate OpenStack service credentials, which may enable further lateral movement in the cloud infrastructure.
Apply patches available from the vendor according to the references (OSSA-2026-020 published by OpenStack Security). Until the fix is implemented, it is recommended to restrict network access to the Mistral API only to trusted hosts using a firewall or network rules.
OpenStack Mistral in all versions up to and including 22.0.0, when the service API is exposed to network access.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H