Information Disclosure in Apache SkyWalking by Apache
CVE-2026-30778

Currently unrated

Key Information:

Vendor: Apache
Status: Apache Skywalking
Vendor: CVE Published:; 15 April 2026

What is CVE-2026-30778?

The Apache SkyWalking application has a vulnerability that allows the /debugging/config/dump endpoint to inadvertently expose sensitive configuration details. This could potentially lead to unauthorized access to environment-specific data, including database configurations for MySQL and PostgreSQL. Users are urged to update to version 10.4.0 to resolve this issue and strengthen their application security.

Affected Version(s)

Apache SkyWalking 9.7.0 <= 10.3.0

References

https://lists.apache.org/thread/pvf35o3tp1rqhmrhzj6fg31gv...

vendor-advisory

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2026
Vulnerability Reserved
Mar 5, 2026

Credit

shuiboye@gmail.com

CVE-2026-30778 Data

JSON