CVE-2026-34476

| EUVD-2026-21918 HIGH
2026-04-13 apache GHSA-c4hg-6933-x62x
Apache SSRF
7.1
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
Low
Availability
None

Lifecycle Timeline

2
Analysis Generated
Apr 13, 2026 - 15:39 vuln.today
CVSS Changed
Apr 13, 2026 - 15:22 NVD
7.1 (None) 7.1 (HIGH)

DescriptionNVD

Server-Side Request Forgery via SW-URL Header vulnerability in Apache SkyWalking MCP.

This issue affects Apache SkyWalking MCP: 0.1.0.

Users are recommended to upgrade to version 0.2.0, which fixes this issue.

AnalysisAI

Server-Side Request Forgery in Apache SkyWalking MCP 0.1.0 allows authenticated remote attackers to access internal network resources and exfiltrate sensitive data via a malicious SW-URL header. CVSS 7.1 (High severity) with network attack vector and low complexity. …

Sign in for full analysis, threat intelligence, and remediation guidance.

RemediationAI

Within 24 hours: Inventory all instances of Apache SkyWalking MCP 0.1.0 in production and development environments; restrict network access to the SkyWalking MCP service to only authorized personnel and systems. Within 7 days: Implement request validation rules to block suspicious SW-URL header patterns; enable detailed logging and monitoring of all MCP API requests; review user access privileges and remove unnecessary authenticated accounts. …

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-34476 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy