Vulnerability Details CVE-2026-30778
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.
Users are recommended to upgrade to version 10.4.0, which fixes the issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.9%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2026-30778
-
cpe:2.3:a:apache:skywalking:10.0.0
-
cpe:2.3:a:apache:skywalking:10.0.1
-
cpe:2.3:a:apache:skywalking:10.1.0
-
cpe:2.3:a:apache:skywalking:10.2.0
-
cpe:2.3:a:apache:skywalking:10.3.0
-
cpe:2.3:a:apache:skywalking:9.7.0