CVE-2026-29791
Received Received - Intake
Input Sanitization Flaw in Agentgateway MCP Tools Before

Publication date: 2026-03-06

Last updated on: 2026-03-18

Assigner: GitHub, Inc.

Description
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in version 0.12.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-06
Last Modified
2026-03-18
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29791
EUVD
EUVD-2026-10070
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
lfprojects agentgateway to 0.12.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-20 The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-29791 is a moderate severity vulnerability in the Agentgateway package affecting versions prior to 0.12.0. The issue occurs during the conversion of MCP tools/call requests to OpenAPI requests, where input parameters such as path, query, and header values are not properly sanitized.

This lack of sanitization allows an attacker to inject additional path or query parameters and extra headers into the request, potentially manipulating the request in unintended ways.

The vulnerability can be exploited remotely over the network, requires low privileges, and does not require any user interaction. It affects the security scope beyond the original component and has limited impact on confidentiality and integrity, with no impact on availability.

Impact Analysis

This vulnerability can allow an attacker to inject unauthorized path, query, and header parameters into requests processed by Agentgateway, potentially leading to limited data exposure or modification.

Because the attack can be performed remotely with low privileges and no user interaction, it increases the risk of unauthorized manipulation of requests within affected systems.

However, the impact on confidentiality and integrity is considered low, and there is no impact on availability, meaning the service remains operational despite the attack.

Compliance Impact

I don't know

Detection Guidance

The vulnerability involves improper sanitization of input path, query, and header values during the conversion of MCP tools/call requests to OpenAPI requests in Agentgateway versions prior to 0.12.0.

Detection would involve monitoring network traffic or system logs for unusual or unexpected additional path or query parameters and extra headers injected into requests handled by the MCP to OpenAPI conversion feature.

However, no specific detection commands or tools are provided in the available information.

Mitigation Strategies

The primary mitigation step is to upgrade Agentgateway to version 0.12.0 or later, where the input sanitization issue has been fixed.

Users relying on the MCP to OpenAPI conversion feature should prioritize this upgrade to prevent exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29791. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart