HIGHCVE-2026-34476Published 2026-04-13Modified 2026-04-13CNA apache

CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

CVSS v3.1: 7.1
Severity: HIGH
Fixed in: —
Affected Products: 1

Affected packages

Apache Software Foundation / Apache SkyWalking MCP
0.1.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References

lists.apache.org

Metrics