Back

Critical Code Execution Vulnerability in Mistral Affects Multiple Ubuntu Releases

Severity: High (Score: 74.0)

Sources: launchpad.net, Linuxsecurity, Ubuntu

Published: 2026-06-11 · Updated: 2026-06-11

Keywords: ubuntu, mistral, code, important, execution, threat, usn-8422

Summary

A significant security vulnerability has been identified in Mistral, the OpenStack Workflow Service, affecting Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS. Discovered by Eduardo Gonzalez Gutierrez and Arnaud Morin, the flaw allows attackers to execute arbitrary code on Mistral workers and potentially extract sensitive information, including service credentials. The vulnerability arises from improper enforcement of access policies on certain API endpoints. Users are advised to update their systems to the specified package versions to mitigate the risk. A standard system update will address the issue across all affected versions. This vulnerability is critical due to the potential for unauthorized access and data exposure. Key Points: • Mistral vulnerability allows arbitrary code execution on affected Ubuntu systems. • Sensitive data, including service credentials, may be exposed due to this flaw. • Users must update to specific package versions to mitigate the vulnerability.

Detailed Analysis

**Impact** Multiple Ubuntu releases are affected, including Ubuntu 26.04 LTS, 25.10, 24.04 LTS, and 22.04 LTS, along with their derivatives. The vulnerability allows attackers to execute arbitrary code on Mistral workers and potentially extract sensitive data such as service credentials. This impacts organizations using OpenStack Workflow Service (Mistral) across various sectors relying on these Ubuntu versions, potentially compromising operational integrity and confidential information. **Technical Details** The vulnerability arises from improper enforcement of access policies on certain Mistral API endpoints, enabling unauthorized code execution and data exposure. Discovered by Eduardo Gonzalez Gutierrez and Arnaud Morin, the flaw affects multiple Mistral components (api, common, engine, event-engine, executor, python3-mistral) across Ubuntu versions. No CVE identifiers or specific malware/tools were mentioned. The attack targets the execution and data access stages of the kill chain via API exploitation. **Recommended Response** Apply the updated Mistral package versions provided for each Ubuntu release immediately, as detailed in Ubuntu Security Notice USN-8422-1. Perform a full system update to ensure all components are patched. Monitor API endpoint access for unusual activity and unauthorized requests. No additional IOCs or detection signatures were provided in the sources.

Source articles (3)

  • USN-8422-1: Mistral vulnerability — Ubuntu · 2026-06-11
    Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worke…
  • Ubuntu Mistral Important Code Execution Threat USN-8422 — Linuxsecurity · 2026-06-11
    A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 26.04 LTS - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS Summary: Mistral could be made to expose sensitive inform…
  • Mistral — launchpad.net · 2026-06-11
    mistral-api: OpenStack Workflow service - API mistral-common: OpenStack Workflow service - common files mistral-engine: OpenStack Workflow service - Engine mistral- event-engine: OpenStack Workflow se…

Timeline

  • 2026-06-11 — Mistral vulnerability disclosed: Eduardo Gonzalez Gutierrez and Arnaud Morin reported a critical vulnerability in Mistral affecting multiple Ubuntu releases.
  • 2026-06-11 — Ubuntu releases security notice USN-8422-1: Ubuntu issued a security notice detailing the Mistral vulnerability and recommended updates for affected systems.

Related entities

  • Data Breach (Attack Type)
  • CWE-200 - Exposure of Sensitive Information (Cwe)
  • CWE-862 - Missing Authorization (Cwe)
  • T1041 - Exfiltration Over C2 Channel (Mitre Attack)
  • OpenStack (Platform)
  • Mistral (Platform)
  • Ubuntu (Company)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed