GHSA-9hfw-w3f4-c4p8
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (CNA).
CVSS VectorVendor
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
6Description PRE-NVD
AnalysisAI
Remote code execution in OpenStack Mistral through version 22.0.0 allows authenticated attackers with low privileges to execute arbitrary code via exposed API endpoints, leading to exfiltration of service credentials and full compromise of the workflow service. The CVSS 9.9 score reflects scope change (S:C) meaning impact extends beyond Mistral itself into other OpenStack components whose credentials it holds. There is no public exploit identified at time of analysis, but the vulnerability is tagged as Authentication Bypass and RCE, and disclosure occurred via oss-security with vendor coordination.
Technical ContextAI
OpenStack Mistral is the workflow-as-a-service component of OpenStack that orchestrates tasks across other OpenStack services (Nova, Neutron, Keystone, etc.) and stores service credentials to perform these operations on behalf of users. The CWE-863 (Incorrect Authorization) classification indicates the API performs authorization checks but applies them incorrectly, permitting low-privileged callers to reach endpoints that evaluate user-supplied expressions or actions which Mistral's engine executes server-side. Because Mistral natively supports YAQL/Jinja expression evaluation and action execution as part of its workflow definition language, endpoints exposing those primitives without correct authorization translate directly into arbitrary code execution within the Mistral process context.
RemediationAI
Patch available per vendor advisory - upgrade Mistral to a version newer than 22.0.0 as published on https://github.com/openstack/mistral/tags and track the OpenStack VMT bulletin linked from https://security.openstack.org/vmt.html and the oss-security disclosure at https://seclists.org/oss-sec/2026/q2/800 for the exact fixed release identifier, which is not enumerated in the input data. Until patched, restrict network reachability of the Mistral API to trusted operator networks via firewall or service-listener bind address (side effect: end users lose self-service workflow submission), tighten Keystone role assignments so only trusted project members hold any role granting Mistral API access (side effect: legitimate automation accounts need policy review), and audit recent Mistral execution and action-execution logs for unexpected workflow definitions or std.* action calls that could indicate prior abuse.
Same weakness CWE-863 – Incorrect Authorization
View allVendor StatusVendor
SUSE
Severity: CriticalShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-34201