CVE-2026-40212

MEDIUM CVSS 5.4 View on NVD ↗

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

https://bugs.launchpad.net/skyline-console/+bug/2138575
https://review.opendev.org/973351
https://security.openstack.org/ossa/OSSA-2026-006.html
https://www.openwall.com/lists/oss-security/2026/04/09/30

Published: Apr 10, 2026 08:16 UTC Modified: Apr 10, 2026 16:16 UTC