7.5
Apache SkyWalking Leaks Sensitive DB Config via Debugging Endpoint
CVE-2026-30778
GHSA-27h3-crw2-q36w
Summary
Apache SkyWalking versions 9.7.0 through 10.3.0 may expose sensitive database settings. This could allow unauthorized access to your database credentials. To fix, update to version 10.4.0 or later.
What to do
- Update org.apache.skywalking:server-core to version 10.4.0.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| maven | – | org.apache.skywalking:server-core | >= 9.7.0, < 10.4.0 (fix: upgrade to 10.4.0) |
Original title
SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information
Original description
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.
This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.
Users are recommended to upgrade to version 10.4.0, which fixes the issue.
nvd CVSS3.1
7.5
Vulnerability type
CWE-202
- https://lists.apache.org/thread/pvf35o3tp1rqhmrhzj6fg31gvqrqcvn3
- http://www.openwall.com/lists/oss-security/2026/04/15/2
- https://nvd.nist.gov/vuln/detail/CVE-2026-30778
- https://github.com/apache/skywalking/commit/5a3f6260e4dd681a9132204e5299064bef07...
- https://github.com/advisories/GHSA-27h3-crw2-q36w
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026