CVE-2026-30778 — Exposure of Sensitive Information Through Data Queries in Software Foundation Apache Skywalking

CWE-202 — Exposure of Sensitive Information Through Data Queries3 documents3 sources

Severity

7.5HIGHCNA

No vector

EPSS

0.0%

top 95.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Software Foundation Apache Skywalking

Timeline

PublishedApr 15

Latest updateApr 16

Description

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue.

Affected Packages1 packages

▶CVEListV5apache_software_foundation/apache_skywalking9.7.0 — 10.3.0

🔴Vulnerability Details

GHSA

SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information↗2026-04-16

▶

CVEList

Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.↗2026-04-15

▶