CVE-2026-30778

HIGH

Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

Title source: cna

Description

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue.

References (2)

Core 2

Core References

Vendor Advisory vendor-advisory

https://lists.apache.org/thread/pvf35o3tp1rqhmrhzj6fg31gvqrqcvn3

Mailing List

http://www.openwall.com/lists/oss-security/2026/04/15/2

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 17.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-202

Status published

Products (3)

apache/skywalking 9.7.0 - 10.4.0

Apache Software Foundation/Apache SkyWalking 9.7.0 - 10.3.0

org.apache.skywalking/server-core 9.7.0 - 10.4.0Maven

Published Apr 15, 2026

Tracked Since Apr 15, 2026