CVE-2026-30778
Received - Intake
Information Disclosure via /debugging/config/dump in Apache SkyWalking

Publication date: 2026-04-15

Last updated on: 2026-04-20

Assigner: Apache Software Foundation

Description
The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL. This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0. Users are recommended to upgrade to version 10.4.0, which fixes the issue.
Meta Information
Published: 2026-04-15
Last Modified: 2026-04-20
Generated: 2026-06-16
AI Q&A: 2026-04-15
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Vendor: apache
Product: skywalking
Version / Range: From 9.7.0 (inc) to 10.4.0 (exc)
CWE ID: CWE-202
CWE Description: When trying to keep information confidential, an attacker can often infer some of the information by using statistics.
Executive Summary

CVE-2026-30778 is a vulnerability in Apache SkyWalking versions 9.7.0 through 10.3.0. It exists in the SkyWalking OAP's /debugging/config/dump endpoint, which may leak sensitive configuration information related to MySQL and PostgreSQL databases.

Impact Analysis

This vulnerability can lead to the exposure of sensitive database configuration information, which could be exploited by attackers to gain unauthorized access or further compromise the affected systems. The risk is considered to be of moderate severity.

Mitigation Strategies

The vulnerability can be mitigated by upgrading Apache SkyWalking to version 10.4.0, which contains the fix for this issue.

Users running versions from 9.7.0 through 10.3.0 are advised to perform this upgrade as soon as possible to prevent sensitive configuration information leakage.

Compliance Impact

The vulnerability in Apache SkyWalking versions 9.7.0 through 10.3.0 involves the potential leakage of sensitive configuration information related to MySQL and PostgreSQL databases via the /debugging/config/dump endpoint.

Exposure of sensitive configuration data could lead to unauthorized access or data breaches, which may affect compliance with data protection standards and regulations such as GDPR and HIPAA that require safeguarding sensitive information.

Users are advised to upgrade to version 10.4.0, where this issue is fixed, to mitigate the risk and help maintain compliance with such standards.
