CVE-2026-34476 PUBLISHED

Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Assigner: apache
Reserved: 28.03.2026 Published: 13.04.2026 Updated: 13.04.2026

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.

This issue affects Apache SkyWalking MCP: 0.1.0.

Users are recommended to upgrade to version 0.2.0, which fixes this issue.

Product Status

Vendor Apache Software Foundation
Product Apache SkyWalking MCP
Versions Default: unaffected
  • Version 0.1.0 is affected

Credits

  • Andrea Cosentino <ancosen@gmail.com> (reporter)

Problem Types

  • CWE-918 Server-Side Request Forgery (SSRF)