CVE-2026-29791
Input Sanitization Flaw in Agentgateway MCP Tools Before
Publication date: 2026-03-06
Last updated on: 2026-03-18
Assigner: GitHub, Inc.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lfprojects | agentgateway | before 0.12.0 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-29791 is a moderate-severity vulnerability in the Agentgateway package affecting versions prior to 0.12.0. It occurs during the conversion of MCP tools/call requests to OpenAPI requests, where input path, query, and header values are not properly sanitized.
This lack of sanitization allows an attacker to inject additional path or query parameters and extra headers into the request, potentially manipulating the request in unintended ways.
The vulnerability can be exploited remotely over the network, requires low privileges, and does not require any user interaction. Its effects can reach beyond the security scope of the original component. The impact on confidentiality and integrity is limited, and there is no impact on availability.
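The flaw class described above, shown as an added illustration that is not agentgateway's code and not its actual fix: a builder that interpolates tool-call arguments raw, beside one that encodes each value for the position it lands in. `ROUTE`, the function names and the sample arguments are constructed assumptions.

```python
# Added illustration: not agentgateway code. ROUTE, the function names and
# ARGS are constructed assumptions.
from urllib.parse import parse_qsl, quote, urlencode, urlsplit

ROUTE = "/users/{id}"  # hypothetical OpenAPI path template

def build_naive(path_args, query_args, header_args):
    """Raw string interpolation of tool-call arguments (the flawed pattern)."""
    path = ROUTE
    for name, value in path_args.items():
        path = path.replace("{" + name + "}", value)
    query = "&".join(f"{k}={v}" for k, v in query_args.items())
    return path + ("?" + query if query else ""), dict(header_args)

def build_hardened(path_args, query_args, header_args):
    """Encode each value for the position it lands in; reject what cannot be encoded."""
    path = ROUTE
    for name, value in path_args.items():
        if value in (".", ".."):  # quote() leaves dots alone, so refuse dot segments
            raise ValueError(f"dot segment in path parameter {name!r}")
        path = path.replace("{" + name + "}", quote(value, safe=""))
    for name, value in header_args.items():
        if any(c in "\r\n\0" for c in value):  # would split or truncate the header
            raise ValueError(f"control character in header {name!r}")
    query = urlencode(query_args)
    return path + ("?" + query if query else ""), dict(header_args)

def shape(target):
    """(path segment count, sorted query keys) as an upstream parser sees them."""
    parts = urlsplit(target)
    segments = parts.path.strip("/").split("/")
    return len(segments), sorted(k for k, _ in parse_qsl(parts.query))

# Constructed tool-call arguments: one value per injection point.
ARGS = {
    "path": {"id": "42/../admin?role=root"},
    "query": {"q": "x&debug=1"},
    "headers": {"X-Trace": "abc"},
}

if __name__ == "__main__":
    for build in (build_naive, build_hardened):
        target, _ = build(ARGS["path"], ARGS["query"], ARGS["headers"])
        print(f"{build.__name__:15} {target}  shape={shape(target)}")
```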
How can this vulnerability impact me?
This vulnerability can allow an attacker to inject unauthorized path, query, and header parameters into requests processed by Agentgateway, potentially leading to limited data exposure or modification.
Because the attack can be performed remotely with low privileges and no user interaction, it increases the risk of unauthorized manipulation of requests within affected systems.
However, the impact on confidentiality and integrity is considered low, and there is no impact on availability, meaning the service remains operational despite the attack.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves improper sanitization of input path, query, and header values during the conversion of MCP tools/call requests to OpenAPI requests in Agentgateway versions prior to 0.12.0.
Detection would involve monitoring network traffic or system logs for unusual or unexpected additional path or query parameters and extra headers injected into requests handled by the MCP to OpenAPI conversion feature.
However, no specific detection commands or tools are provided in the available information.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade Agentgateway to version 0.12.0 or later, where the input sanitization issue has been fixed.
Users relying on the MCP to OpenAPI conversion feature should prioritize this upgrade to prevent exploitation.