This article details a critical security vulnerability in the OpenStack Mistral workflow service, identified as CVE-2026-41283, which has a CVSS score of 9.9. The flaw arises from insufficient access controls that allow unauthorized users to bypass policies, enabling them to create public resources and execute arbitrary code on backend tasks. Successful exploitation may lead to serious consequences, such as the extraction of sensitive configuration data, including service credentials. Users should apply the newly released vendor patches to mitigate these risks.
CVE-2026-41283 flaw in OpenStack Mistral lets hackers run code
Article by CyberSIXT