SSRF in Apache Software Foundation Skywalking Mcp

CVE-2026-34476

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue.

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.001 (28.4th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Skywalking Mcp — versions 0.1.0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

lists.apache.org/thread/v0k1xyzzbtnpyrwxwyn36pbspr8rhjnr (vendor-advisory)