CVE-2026-30778

Summary

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes the issue.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache SkyWalking9.7.0 <= 10.3.0affected

Weaknesses

  • CWE-202: CWE-202 Exposure of Sensitive Information Through Data Queries

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References