Critical Policy Bypass Flaw Threatens OpenStack Mistral Workflow Environments

### Executive summary The report details a critical zero-day (CVE-2026-41283) in OpenStack Mistral where missing policy enforcement on API endpoints permits authenticated but non-privileged users to create public resources and execute arbitrary code on executor workers, with the additional risk of extracting service credentials; vendor patches are available and administrators are urged to apply them immediately.