=====================================================================

                            CERT-Renater

                Information Note No. 2026/VULN383
_____________________________________________________________________

DATE                : 14/04/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Apache SkyWalking MCP
                         versions prior to 0.2.0.

=====================================================================
https://lists.apache.org/thread/hnrhvp0ork1gy8wxdpf6jkbp0dyoothq
https://lists.apache.org/thread/399k1gnfspowl0989z11l73kk1hqd5sp
_____________________________________________________________________

CVE-2026-34884: Apache SkyWalking MCP: SSRF via set_skywalking_url
Tool and GraphQL Expression Injection in MCP Server

Severity: important 

Affected versions:

- Apache SkyWalking MCP 0.1.0


Description:

Apache SkyWalking MCP is vulnerable to server-side request forgery
(SSRF) via the set_skywalking_url tool and to GraphQL expression
injection in the MCP server.


This issue affects Apache SkyWalking MCP: 0.1.0.

Users are advised to upgrade to version 0.2.0, which fixes this
issue.


Credit:

Andrea Cosentino <an...@gmail.com> (reporter)


References:

https://skywalking.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-34884


_____________________________________________________________________

CVE-2026-34476: Apache SkyWalking MCP: Server-Side Request Forgery
via SW-URL Header in MCP Server

Severity: important 

Affected versions:

- Apache SkyWalking MCP 0.1.0


Description:

Apache SkyWalking MCP is vulnerable to server-side request forgery
(SSRF) via the SW-URL header in the MCP server.

This issue affects Apache SkyWalking MCP: 0.1.0.

Users are advised to upgrade to version 0.2.0, which fixes this issue.


Credit:

Andrea Cosentino <an...@gmail.com> (reporter)


References:

https://skywalking.apache.org/
https://www.cve.org/CVERecord?id=CVE-2026-34476
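
For triage on hosts that ran 0.1.0, the following added example (not part of the Apache announcements or of SkyWalking MCP itself) reviews one captured MCP request for the two inputs named above, the SW-URL header and a set_skywalking_url tool call, and reports any backend that is not the expected one. Assumptions: both inputs carry the backend URL the server will contact, the allowlisted host oap.example.internal:12800 is a placeholder, and the request body is a standard MCP JSON-RPC tools/call message.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net"
	"net/url"
)

var allowed = map[string]bool{"oap.example.internal:12800": true} // assumption: sole expected OAP backend

// judge returns "" for the allowed backend, otherwise why a target is suspect.
func judge(raw string) string {
	u, err := url.Parse(raw)
	if err != nil || u.Host == "" || (u.Scheme != "http" && u.Scheme != "https") {
		return "not an http(s) URL"
	}
	if allowed[u.Host] {
		return ""
	}
	if ip := net.ParseIP(u.Hostname()); ip != nil && (ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast()) {
		return "internal address " + ip.String()
	}
	return "backend not in allowlist"
}

// Review flags backend overrides in one request: SW-URL header value ("" if absent) and JSON-RPC body.
func Review(swURL string, body []byte) (out []string) {
	if why := judge(swURL); swURL != "" && why != "" {
		out = append(out, "SW-URL header: "+why)
	}
	var c struct { // JSON-RPC 2.0 envelope; encoding/json matches keys case-insensitively
		Method string
		Params struct{ Name string; Arguments map[string]interface{} }
	}
	if json.Unmarshal(body, &c) == nil && c.Method == "tools/call" && c.Params.Name == "set_skywalking_url" {
		for k, v := range c.Params.Arguments { // argument names are not assumed
			if s, ok := v.(string); ok && judge(s) != "" {
				out = append(out, "set_skywalking_url "+k+": "+judge(s))
			}
		}
	}
	return out
}

func main() { // constructed sample request, not taken from a real capture
	body := []byte(`{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"set_skywalking_url","arguments":{"url":"http://127.0.0.1:9000/"}}}`)
	fmt.Println(Review("http://oap.example.internal:12800/graphql", body))
}
```

Any finding on a 0.1.0 deployment is a reason to inspect what the server requested on the caller's behalf; upgrading to 0.2.0 remains the fix.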


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




