High severity7.1NVD Advisory· Published Apr 13, 2026· Updated Apr 20, 2026
CVE-2026-34476
CVE-2026-34476
Description
Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.
This issue affects Apache SkyWalking MCP: 0.1.0.
Users are recommended to upgrade to version 0.2.0, which fixes this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/apache/skywalking-mcpGo | < 0.2.0 | 0.2.0 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- github.com/advisories/GHSA-c4hg-6933-x62xghsaADVISORY
- lists.apache.org/thread/v0k1xyzzbtnpyrwxwyn36pbspr8rhjnrnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2026-34476ghsaADVISORY
- www.openwall.com/lists/oss-security/2026/04/13/4nvdMailing ListWEB
News mentions
0No linked articles in our index yet.