CVE-2026-40212

MEDIUM NVD

CVSS Score 5.4

Severity MEDIUM

Published Apr 10, 2026

Vendor unknown

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

References

https://bugs.launchpad.net/skyline-console/+bug/2138575
https://review.opendev.org/973351
https://www.openwall.com/lists/oss-security/2026/04/09/30