CVE-2026-40212
DOM-Based XSS in OpenStack Skyline Console Allows Admin Interface Exploitation
Publication date: 2026-04-10
Last updated on: 2026-04-10
Assigner: MITRE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openstack | skyline_console | up to 5.0.1 (excluding) |
| openstack | skyline_console | 6.0.0 |
| openstack | skyline_console | 7.0.0 |
| openstack | skyline | up to 5.0.1 (excluding) |
| openstack | skyline | 6.0.0 |
| openstack | skyline | 7.0.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-40212 is a DOM-based Cross-Site Scripting (XSS) vulnerability in the OpenStack Skyline Console's instance console log viewer. The vulnerability occurs because the console log output is rendered using JavaScript's document.write() method without sanitizing or escaping the content. This means that if an attacker injects malicious HTML or JavaScript into the console output (for example, via a virtual machine's user-data script or runtime messages), the injected scripts can execute in the administrator's browser when they view the full instance console log through the Skyline web interface.
The issue arises specifically in the frontend code where the console log is opened in a new browser window and the log content is directly embedded as HTML. Since the new window inherits the origin of the Skyline Console application, the malicious scripts gain access to authenticated session data and administrative APIs, posing a significant security risk.
How can this vulnerability impact me?
This vulnerability allows low-privileged users to inject and execute arbitrary scripts in the browsers of administrators who view instance console logs via the Skyline Console web interface. As a result, attackers can potentially compromise authenticated sessions, access sensitive administrative APIs, and steal operational data.
The impact is significant because the injected scripts run with the same origin as the Skyline Console, enabling attackers to perform actions or access data as if they were the administrator. This can lead to unauthorized access, data leakage, and manipulation of the Skyline Console environment.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a DOM-based Cross-Site Scripting (XSS) issue in the Skyline Console frontend, specifically in the instance console log viewer. Detection involves identifying if the Skyline Console is rendering instance console logs using unsafe methods like document.write() without sanitization.
Since the vulnerability arises when administrators use the "View Full Log" feature to view instance console logs that may contain attacker-controlled data, detection can focus on monitoring usage of this feature and inspecting console log contents for suspicious HTML or JavaScript code.
There are no specific network or system commands provided in the resources to detect this vulnerability automatically. However, manual inspection steps include:
- Check the Skyline Console frontend source code for usage of document.write() in the console log viewer, especially in the file skyline-console/src/pages/compute/containers/Instance/Detail/Log/index.jsx.
- Review instance console logs for embedded HTML or JavaScript code that could be executed when viewed.
- Monitor administrators' use of the "View Full Log" feature and check whether any unexpected scripts execute in the browser context when a log is opened.
Because this is a frontend vulnerability triggered by viewing logs in a browser, network-based detection commands or automated scanning tools are not described in the provided resources.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps for CVE-2026-40212 include avoiding the use of the "View Full Log" feature on instance console outputs that may be influenced by untrusted or low-privileged users.
Administrators should refrain from viewing full instance console logs in the Skyline Console web interface until the system is upgraded or patched.
The vulnerability was fixed by changing how instance console logs are rendered, treating log content as plain text rather than raw HTML to prevent script execution.
- Upgrade Skyline Console to a version containing the fix (e.g., versions 5.0.1, 6.0.0, 7.0.0 or later releases including the fix commit f829bf22d5c5b3b98717fb0e4b50c29c8e41ee60).
- Apply equivalent patches that sanitize or escape console log output before rendering.
Until upgrades or patches are applied, restrict administrative access to the console log viewer and make administrators aware of the risk of viewing console logs that may contain untrusted content.
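The difference between the vulnerable rendering (log text embedded as raw HTML) and the fixed rendering (log treated as plain text) described in the answers above, as an added example that is not code from the Skyline Console project; the function names and the sample log line are constructed for illustration:

```javascript
// Added example (not Skyline Console code): the unsafe shape concatenates raw
// console-log text into markup that is then handed to document.write(); the
// hardened shape escapes the log so it is rendered as plain text. Both are pure
// string functions here so the behaviour can be checked outside a browser.

// Escape the characters that let text be interpreted as HTML markup.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable shape: any tag present in the log becomes live DOM once the
// string reaches document.write() in the new window.
function buildLogPageUnsafe(title, logText) {
  return `<html><head><title>${title}</title></head><body><pre>${logText}</pre></body></html>`;
}

// Hardened shape: every markup character in the log is escaped first, so the
// browser shows the tag text instead of executing it.
function buildLogPageSafe(title, logText) {
  return `<html><head><title>${escapeHtml(title)}</title></head><body><pre>${escapeHtml(logText)}</pre></body></html>`;
}

// Reviewer check over generated markup: does any tag outside the fixed page
// skeleton appear? Anything else came from the log content.
function containsForeignTag(html) {
  const allowed = new Set(["html", "head", "title", "body", "pre"]);
  const tagRe = /<\/?([a-zA-Z][\w-]*)/g;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    if (!allowed.has(m[1].toLowerCase())) return true;
  }
  return false;
}

// Constructed sample: a console log in which a user-data script emitted markup.
const SAMPLE_LOG =
  'cloud-init: running user-data\n<script>console.log("injected")</script>\n[  OK  ] Reached target Multi-User System.';

// Compare both renderings of the same log.
function demo() {
  return {
    unsafeHasForeignTag: containsForeignTag(buildLogPageUnsafe("Console Log", SAMPLE_LOG)),
    safeHasForeignTag: containsForeignTag(buildLogPageSafe("Console Log", SAMPLE_LOG)),
  };
}
```

In a browser, assigning the log to a `<pre>` element's `textContent` achieves the same result without building markup strings at all.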
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows low-privileged users to execute arbitrary scripts in administrator browsers, potentially compromising authenticated session data and administrative APIs. This can lead to unauthorized access to sensitive operational data within the Skyline Console.
Such unauthorized access and potential data exposure could negatively impact compliance with common standards and regulations like GDPR and HIPAA, which require protection of sensitive data and prevention of unauthorized access.
However, the provided information does not explicitly discuss or analyze the direct impact of this vulnerability on compliance with these standards.