CVE-2026-40212
Received Received - Intake
DOM-Based XSS in OpenStack Skyline Console Allows Admin Interface Exploitation

Publication date: 2026-04-10

Last updated on: 2026-04-10

Assigner: MITRE

Description
OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-10
Last Modified
2026-04-10
Generated
2026-06-16
AI Q&A
2026-04-10
EPSS Evaluated
2026-06-15
NVD
CVE-2026-40212
EUVD
EUVD-2026-21332
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
openstack skyline_console to 5.0.1 (exc)
openstack skyline_console 6.0.0
openstack skyline_console 7.0.0
openstack skyline to 5.0.1 (exc)
openstack skyline 6.0.0
openstack skyline 7.0.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-40212 is a DOM-based Cross-Site Scripting (XSS) vulnerability in the OpenStack Skyline Console's instance console log viewer. The vulnerability occurs because the console log output is rendered using JavaScript's document.write() method without sanitizing or escaping the content. This means that if an attacker injects malicious HTML or JavaScript into the console output (for example, via a virtual machine's user-data script or runtime messages), the injected scripts can execute in the administrator's browser when they view the full instance console log through the Skyline web interface.

The issue arises specifically in the frontend code where the console log is opened in a new browser window and the log content is directly embedded as HTML. Since the new window inherits the origin of the Skyline Console application, the malicious scripts gain access to authenticated session data and administrative APIs, posing a significant security risk.

Impact Analysis

This vulnerability allows low-privileged users to inject and execute arbitrary scripts in the browsers of administrators who view instance console logs via the Skyline Console web interface. As a result, attackers can potentially compromise authenticated sessions, access sensitive administrative APIs, and steal operational data.

The impact is significant because the injected scripts run with the same origin as the Skyline Console, enabling attackers to perform actions or access data as if they were the administrator. This can lead to unauthorized access, data leakage, and manipulation of the Skyline Console environment.

Detection Guidance

This vulnerability is a DOM-based Cross-Site Scripting (XSS) issue in the Skyline Console frontend, specifically in the instance console log viewer. Detection involves identifying if the Skyline Console is rendering instance console logs using unsafe methods like document.write() without sanitization.

Since the vulnerability arises when administrators use the "View Full Log" feature to view instance console logs that may contain attacker-controlled data, detection can focus on monitoring usage of this feature and inspecting console log contents for suspicious HTML or JavaScript code.

There are no specific network or system commands provided in the resources to detect this vulnerability automatically. However, manual inspection steps include:

  • Check the Skyline Console frontend source code for usage of document.write() in the console log viewer, especially in the file skyline-console/src/pages/compute/containers/Instance/Detail/Log/index.jsx.
  • Review instance console logs for embedded HTML or JavaScript code that could be executed when viewed.
  • Monitor administrator actions involving the "View Full Log" feature to identify if any suspicious scripts execute in the browser context.

Because this is a frontend vulnerability triggered by viewing logs in a browser, network-based detection commands or automated scanning tools are not described in the provided resources.

Mitigation Strategies

Immediate mitigation steps for CVE-2026-40212 include avoiding the use of the "View Full Log" feature on instance console outputs that may be influenced by untrusted or low-privileged users.

Administrators should refrain from viewing full instance console logs in the Skyline Console web interface until the system is upgraded or patched.

The vulnerability was fixed by changing how instance console logs are rendered, treating log content as plain text rather than raw HTML to prevent script execution.

  • Upgrade Skyline Console to a version containing the fix (e.g., versions 5.0.1, 6.0.0, 7.0.0 or later releases including the fix commit f829bf22d5c5b3b98717fb0e4b50c29c8e41ee60).
  • Apply equivalent patches that sanitize or escape console log output before rendering.

Until upgrades or patches are applied, restrict administrative access to the console log viewer and educate administrators about the risk of executing untrusted console logs.

Compliance Impact

The vulnerability allows low-privileged users to execute arbitrary scripts in administrator browsers, potentially compromising authenticated session data and administrative APIs. This can lead to unauthorized access to sensitive operational data within the Skyline Console.

Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.

However, the provided information does not explicitly discuss or analyze the direct impact of this vulnerability on compliance with these standards.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-40212. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart