CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Qiuxia Fan Mon, 13 Apr 2026 05:53:38 -0700

Severity: important 

Affected versions:


- Apache SkyWalking MCP 0.1.0

Description:

Server-Side Request Forgery via SW-URL Header vulnerability in Apache 
SkyWalking MCP.

This issue affects Apache SkyWalking MCP: 0.1.0.

Users are recommended to upgrade to version 0.2.0, which fixes this issue.

Credit:

Andrea Cosentino <[email protected]> (reporter)

References:

https://skywalking.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-34476

CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Reply via email to