4.9
Agentgateway: Malicious Input Can Contaminate API Requests
CVE-2026-29791
GHSA-v2x6-wwfw-r2rq
Summary
If you use Agentgateway's MCP to OpenAPI conversion feature, a malicious input could potentially inject extra information into your API requests. This could allow an attacker to access unauthorized data or perform other unauthorized actions. To fix this issue, update to Agentgateway version 0.12.0 or later.
What to do
- Update agentgateway (github.com/agentgateway/agentgateway) to version 0.12.0.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| github.com | agentgateway | <= 0.12.0 | 0.12.0 |
| agentgateway | github.com/agentgateway/agentgateway | <= 0.12.0 | 0.12.0 |
Original title
Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion
Original description
### Summary
When converting an MCP `tools/call` request to an OpenAPI request, input path, query, and header values are not sanitized.
### Details
When using the [MCP to OpenAPI](https://agentgateway.dev/docs/standalone/latest/mcp/connect/openapi/) feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing:
* Injection of additional path or query parameters.
* Injection of additional headers.
### Impacted Versions
This vulnerability is fixed in Agentgateway v0.12.0+. Users on older versions are recommended to upgrade to v0.12.0+.
This issue only affects usage of the [MCP to OpenAPI](https://agentgateway.dev/docs/standalone/latest/mcp/connect/openapi/) feature.
### Credits
Agentgateway extends its thanks to @spacewander for the report!
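The class of bug described above, shown as an added Rust example that is not agentgateway's code and not the actual fix: tool-call arguments spliced verbatim into a URL next to a version that encodes each argument as exactly one path segment or query value and rejects control characters in header values. All function names, the `/users/{id}` template and the argument values are hypothetical and constructed for illustration.

```rust
// Added example: hypothetical helpers, not taken from agentgateway.

/// Percent-encode everything except RFC 3986 unreserved characters, so a value
/// cannot introduce '/', '?', '&', '=', '#' or whitespace into the URL.
fn encode_component(value: &str) -> String {
    let mut out = String::with_capacity(value.len());
    for b in value.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => {
                out.push(b as char)
            }
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Header values: reject control characters (CR, LF, NUL, DEL) rather than repair them.
fn check_header_value(value: &str) -> Result<&str, String> {
    if value.bytes().any(|b| (b < 0x20 && b != b'\t') || b == 0x7f) {
        return Err("control character in header value".to_string());
    }
    Ok(value)
}

/// Naive: tool arguments are spliced into the URL verbatim.
fn build_url_naive(template: &str, id: &str, q: &str) -> String {
    format!("{}?q={}", template.replace("{id}", id), q)
}

/// Hardened: each argument becomes exactly one path segment or one query value.
fn build_url_safe(template: &str, id: &str, q: &str) -> Result<String, String> {
    // "." and ".." survive percent-encoding unchanged, so refuse them explicitly.
    if id.is_empty() || id == "." || id == ".." {
        return Err("invalid path parameter".to_string());
    }
    let path = template.replace("{id}", &encode_component(id));
    Ok(format!("{}?q={}", path, encode_component(q)))
}

fn main() {
    // Constructed tool-call arguments.
    let (id, q) = ("42/../admin", "x&role=admin");
    println!("naive: {}", build_url_naive("/users/{id}", id, q));
    println!("safe:  {:?}", build_url_safe("/users/{id}", id, q));
    println!("header: {:?}", check_header_value("abc\r\nX-Extra: 1"));
}
```
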
nvd CVSS3.1
4.9
Vulnerability type
CWE-20
Improper Input Validation
- https://github.com/agentgateway/agentgateway/commit/9a5287569d892e77a8be8c3bb7bf...
- https://github.com/advisories/GHSA-v2x6-wwfw-r2rq
- https://github.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-...
- https://nvd.nist.gov/vuln/detail/CVE-2026-29791
- https://github.com/agentgateway/agentgateway
Published: 5 Mar 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026