84 matches found
CVE-2026-34476
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
CVE-2026-34476
Apache SkyWalking MCP (0.1.0) is affected by a Server-Side Request Forgery vulnerability exposed via the SW-URL header in the MCP Server. The issue affects MCP 0.1.0 and upgrading to 0.2.0 is recommended as the fix. No exploitation details are provided in the sources.
CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
CVE-2026-34476 Apache SkyWalking MCP: Server-Side Request Forgery via SW-URL Header in MCP Server
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP. This issue affects Apache SkyWalking MCP: 0.1.0. Users are recommended to upgrade to version 0.2.0, which fixes this issue...
PT-2026-32336
Name of the Vulnerable Software and Affected Versions Apache SkyWalking MCP version 0.1.0 Description Server-Side Request Forgery occurs via the 'SW-URL' header. Recommendations Upgrade to version 0.2.0...
Apache SkyWalking MCP 安全漏洞
Apache SkyWalking MCP is a distributed system-oriented observability data management and processing component developed by the Apache Foundation. Version 0.1.0 of Apache SkyWalking MCP contains a security vulnerability, which stems from server-side request forgery in the SW-URL header...
PT-2026-32512
Apache SkyWalking CVE-2025-54057: Stored XSS https://t.co/U4ZzTJS7iT CVE-2026-34476: SSRF via SW-URL Header in MCP Server https://t.co/zPXOQv1Xff CVE-2026-34884: SSRF via set skywalking url Tool and GraphQL Expression Injection in MCP Server https://t.co/5H4PWKYENG...
Cross-site Scripting
Apache SkyWalking is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper neutralization of script-related HTML tags, allowing attackers to inject malicious JavaScript into web pages...
Apache SkyWalking Cross-Site Scripting Vulnerability (CNVD-2025-30566)
Apache SkyWalking is an application performance monitor from the Apache Foundation that is primarily used in environments such as microservices, cloud-native and container-based. A cross-site scripting vulnerability exists in Apache SkyWalking version 10.2.0 and earlier, which stems from not...
CVE-2025-54057
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...
EUVD-2025-199821
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...
org.apache.skywalking:apache-skywalking-apm (>=6.1.0 <=10.1.0), org.apache.skywalking:apache-skywalking-apm-es7 (>=6.6.0 <=8.7.0) +1 more potentially affected by CVE-2025-54057 via org.apache.skywalking:apm-webapp (>=10.0.1 <=9.7.0)
org.apache.skywalking:apm-webapp MAVEN version =10.0.1, =6.1.0, =6.6.0, =6.0.0-GA, =6.0.0-beta Source cves: CVE-2025-54057 Source advisory: SNYK:JAVA-ORGAPACHESKYWALKING-14220413...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via widget URLs in the skywalking-ui component. An attacker can execute arbitrary scripts in the context of a user's browser by injecting malicious content into stored data that is later rendered in the web...
Apache SkyWalking has a stored XSS vulnerability
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking versions = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to th...
GHSA-V6X2-4Q87-RF82 Apache SkyWalking has a stored XSS vulnerability
There is an Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking versions = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue. Version 10.3.0 has not been uploaded to th...
CVE-2025-54057
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...
CVE-2025-54057 Apache SkyWalking: Stored XSS vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...
CVE-2025-54057
Apache SkyWalking contains a stored/basic XSS vulnerability (CVE-2025-54057) due to improper neutralization of script-related HTML tags. Affects SkyWalking
CVE-2025-54057 Apache SkyWalking: Stored XSS vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in Apache SkyWalking. This issue affects Apache SkyWalking: = 10.2.0. Users are recommended to upgrade to version 10.3.0, which fixes the issue...