CVE-2026-40212: OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

Affected Products

Vendor	Product	Versions
openstack	skyline	0, 6.0.0, 7.0.0

References

Related News (2 articles)

Tier C

VulDB17d ago

CVE-2026-40212 | OpenStack Skyline up to 5.0.0/6.0.0/7.0.0 Console Web Interface cross site scripting

→ No new info (linked only)

Tier C

oss-security18d ago

[OSSA-2026-006] OpenStack Skyline: DOM-based XSS in Skyline Console via unsanitized instance console log rendering (CVE-2026-pending)

→ No new info (linked only)

CVE-2026-40212: OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console

Description

Affected Products

References

Related News (2 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History