What is CVE-2026-5808?

CVE-2026-5808 is a medium-severity vulnerability in Openstatushq Openstatus, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-08.

How severe is CVE-2026-5808?

Medium severity. CVSS v3 base score is 4.3 out of 10.

RCE in Openstatushq Openstatus

CVE-2026-5808

A vulnerability was detected in openstatusHQ openstatus up to 1b678e71a85961ae319cbb214a8eae634059330c. This impacts an unknown function of the file apps/dashboard/src/app/(dashboard)/onboarding/client.tsx of the component Onboarding Endpo…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.000 (13.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:X/RL:O/RC:C.

Affected products

Openstatushq Openstatus — versions 1b678e71a85961ae319cbb214a8eae634059330c

Weakness classification (CWE)

References

VDB-356245 | openstatusHQ openstatus Onboarding Endpoint client.tsx cross site scripting (vdb-entry, technical-description)
VDB-356245 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #787321 | OpenStatus HQ OpenStatus 20260314 DOM-Based XSS, Open Redirect (third-party-advisory)
gist.github.com/TrebledJ/ab83abb1ca7ff6c1f39e16a37020f323 (related)
github.com/openstatusHQ/openstatus/pull/1981 (issue-tracking, patch)
github.com/openstatusHQ/openstatus/commit/43d9b2b9ef8ae1a98f9bdc8a9f86d6a3dfaa2… (patch)
github.com/openstatusHQ/openstatus/ (product)

Frequently asked questions

What is CVE-2026-5808?: CVE-2026-5808 is a medium-severity vulnerability in Openstatushq Openstatus, classified under Cross-site Scripting. CVSS score: 4.3/10. Published 2026-04-08.
How severe is CVE-2026-5808?: Medium severity. CVSS v3 base score is 4.3 out of 10.