CVE-2026-29791

Description

### Summary When converting MCP `tools/call` request to OpenAPI request, input path, query, and header values are not sanitized. ### Details When using the [MCP to OpenAPI](https://agentgateway.dev/docs/standalone/latest/mcp/connect/openapi/) feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: * Injection of additional path or query parameters. * Injection of additional headers. ### Impacted Versions This vulnerability is fixed in Agentgateway v0.12.0+. Users on older versions are recommended to upgrade to v0.12.0+. This feature only impacts usage of the [MCP to OpenAPI](https://agentgateway.dev/docs/standalone/latest/mcp/connect/openapi/) feature ### Credits Agentgateway extends its thanks to @spacewander for the report!

How to fix CVE-2026-29791

To remediate CVE-2026-29791, upgrade the affected package to a fixed version below.

• —upgrade to 0.12.0 or later

Is CVE-2026-29791 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.12.0

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2026-29791
• PATCHgithub.com/agentgateway/agentgateway
• WEBgithub.com/agentgateway/agentgateway/commit/9a5287569d892e77a8be8c3bb7bf3d7744244274
• WEBgithub.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-r2rq