A vulnerability was found in CPython which is used by openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL.
"https://github.com/pypa/advisory-database/blob/main/vulns/nova/PYSEC-2026-693.yaml"