CVE-2026-34476

HIGH 7.1

Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server

CVSS Score

7.1

EPSS Score

0.0%

EPSS Percentile

0th

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

CWE	CWE-918
Vendor	apache software foundation
Product	apache skywalking mcp
Published	Apr 13, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for apache software foundation apache skywalking mcp

Be the first to know when new high vulnerabilities affecting apache software foundation apache skywalking mcp are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Apache Software Foundation / Apache SkyWalking MCP

0.1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

lists.apache.org: https://lists.apache.org/thread/v0k1xyzzbtnpyrwxwyn36pbspr8rhjnr openwall.com: http://www.openwall.com/lists/oss-security/2026/04/13/4

Credits

🔍 Andrea Cosentino <[email protected]>