CVE-2026-34476 | Apache SkyWalking MCP up to 0.1.0 Header SW-URL server-side request forgery (EUVD-2026-21918)

A vulnerability was found in Apache SkyWalking MCP up to 0.1.0. It has been declared as critical. The affected element is an unknown function of the component Header Handler. The manipulation of the argument SW-URL results in server-side request forgery.

This vulnerability is reported as CVE-2026-34476. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More