CVE-2026-40212 MEDIUM

CVE-2026-40212

Vendor Openstack

Product Skyline

Weakness CWE-79 · XSS

Published April 10, 2026

Last update April 10, 2026

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

Key dates

02Disclosure timeline

April 10, 2026 CVE published

April 10, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-40212 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-11434 WP – Bulk SMS – by SMS.to <= 1.0.12 - Reflected Cross-Site Scripting CVE-2023-5694 CodeAstro Internet Banking System pages_system_settings.php cross site scripting CVE-2023-6986 EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2024-52484 WordPress Wc Recently viewed products plugin <= 1.0.1 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2025-11134 Cudy TR1200 Wireless Settings config cross site scripting

Identifiers

CVE CVE-2026-40212

CWE CWE-79

CVSS 5.4 / MEDIUM

Affected versions

Vendor Openstack

Product Skyline

Affected < 5.0.1

Vendor Openstack

Product Skyline

Affected 6.0.0

Vendor Openstack

Product Skyline

Affected 7.0.0