CVE-2026-30778 PUBLISHED

Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

Assigner: apache
Reserved: 05.03.2026 Published: 15.04.2026 Updated: 15.04.2026

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes the issue.

Product Status

Vendor Apache Software Foundation
Product Apache SkyWalking
Versions Default: unaffected
  • affected from 9.7.0 to 10.3.0 (incl.)

Credits

  • shuiboye@gmail.com reporter

References

Problem Types

  • CWE-202 Exposure of Sensitive Information Through Data Queries CWE