openstatusHQ openstatus: Remote Code Execution via Malicious Links

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

5.3

openstatusHQ openstatus: Remote Code Execution via Malicious Links

CVE-2026-5808

Summary

A vulnerability in openstatusHQ openstatus allows an attacker to execute malicious code by manipulating links. This is a security risk because it could allow an attacker to take control of your system. To protect yourself, update to the latest version of openstatusHQ openstatus as soon as possible.

Original title

Original description

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpoint. The manipulation of the argument callbackURL results in cross site scripting. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The patch is identified as 43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2dfb. It is advisable to implement a patch to correct this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

nvd CVSS2.0 5.0

nvd CVSS3.1 4.3

nvd CVSS4.0 5.3

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

CWE-94 Code Injection

Published: 8 Apr 2026 · Updated: 10 Apr 2026 · First seen: 8 Apr 2026