CVE-2026-30778NVD

Vulnerability Summary

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes the issue.

Severity Level

HIGH(7.5)

Published Date

Apr 15, 2026

Last Modified

Apr 20, 2026

Exploitation Status

No confirmed exploitation yet

EPSS Score (30-Day)

0.06%Probability

Root Weakness (CWE)

CWE-202: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityNone

AvailabilityNone

External References

https://lists.apache.org/thread/pvf35o3tp1rqhmrhzj6fg31gvqrqcvn3
http://www.openwall.com/lists/oss-security/2026/04/15/2

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2026-30778NVD

Vulnerability Summary

External References