DOM-based Cross-Site Scripting Vulnerability in OpenStack Skyline Console Web Interface
CVE-2026-40212

5.4 MEDIUM

Key Information:

Vendor

OpenStack

Status
Vendor
CVE Published: 10 April 2026

What is CVE-2026-40212?

OpenStack Skyline console versions prior to 5.0.1 are vulnerable to DOM-based cross-site scripting (XSS). The vulnerability arises from the unsafe use of document.write and can be exploited when administrators use the console web interface to view instance console logs, potentially allowing attackers to perform unauthorized actions.

Affected Version(s)

Skyline 0 < 5.0.1

Skyline 6.0.0

Skyline 7.0.0

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved