CVE-2026-40212

MEDIUM 5.4

CVSS Score

5.4

EPSS Score

0.0%

EPSS Percentile

8th

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

CWE	CWE-79
Vendor	openstack
Product	skyline
Published	Apr 10, 2026
Last Updated	Apr 10, 2026

Stay Ahead of the Next One

Get instant alerts for openstack skyline

Be the first to know when new medium vulnerabilities affecting openstack skyline are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Affected Versions

OpenStack / Skyline

0 < 5.0.1 6.0.0 7.0.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

bugs.launchpad.net: https://bugs.launchpad.net/skyline-console/+bug/2138575 review.opendev.org: https://review.opendev.org/973351 openwall.com: https://www.openwall.com/lists/oss-security/2026/04/09/30 security.openstack.org: https://security.openstack.org/ossa/OSSA-2026-006.html