==========================================================================
Ubuntu Security Notice USN-8422-1
June 11, 2026

mistral vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Mistral could be made to expose sensitive information or run code.

Software Description:
- mistral: OpenStack Workflow Service

Details:

Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral
did not properly enforce access policies on some API endpoints. An
attacker could possibly execute arbitrary code on a Mistral worker and
possibly extract sensitive data including service credentials from it.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
  mistral-api                     22.0.0-0ubuntu1.1
  mistral-common                  22.0.0-0ubuntu1.1
  mistral-engine                  22.0.0-0ubuntu1.1
  mistral-event-engine            22.0.0-0ubuntu1.1
  mistral-executor                22.0.0-0ubuntu1.1
  python3-mistral                 22.0.0-0ubuntu1.1

Ubuntu 25.10
  mistral-api                     21.0.0-0ubuntu1.1
  mistral-common                  21.0.0-0ubuntu1.1
  mistral-engine                  21.0.0-0ubuntu1.1
  mistral-event-engine            21.0.0-0ubuntu1.1
  mistral-executor                21.0.0-0ubuntu1.1
  python3-mistral                 21.0.0-0ubuntu1.1

Ubuntu 24.04 LTS
  mistral-api                     18.0.1-0ubuntu1.1
  mistral-common                  18.0.1-0ubuntu1.1
  mistral-engine                  18.0.1-0ubuntu1.1
  mistral-event-engine            18.0.1-0ubuntu1.1
  mistral-executor                18.0.1-0ubuntu1.1
  python3-mistral                 18.0.1-0ubuntu1.1

Ubuntu 22.04 LTS
  mistral-api                     14.0.0-0ubuntu1.1
  mistral-common                  14.0.0-0ubuntu1.1
  mistral-engine                  14.0.0-0ubuntu1.1
  mistral-event-engine            14.0.0-0ubuntu1.1
  mistral-executor                14.0.0-0ubuntu1.1
  python3-mistral                 14.0.0-0ubuntu1.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-8422-1
  CVE-2026-41283

Package Information:
  https://launchpad.net/ubuntu/+source/mistral/22.0.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/mistral/21.0.0-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/mistral/18.0.1-0ubuntu1.1
  https://launchpad.net/ubuntu/+source/mistral/14.0.0-0ubuntu1.1

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to