CVE-2026-30778: Apache SkyWalking: The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

[Kai Wan <wankai () apache org>]

Severity: moderate 

Affected versions:

- Apache SkyWalking 9.7.0 through 10.3.0

Description:

The SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information of MySQL/PostgreSQL.

This issue affects Apache SkyWalking: from 9.7.0 through 10.3.0.

Users are recommended to upgrade to version 10.4.0, which fixes the issue.

Credit:

shuiboye () gmail com (reporter)

References:

https://skywalking.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-30778