CVE-2026-29791

Medium CVSS: 4.9

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in version 0.12.0.

Vendor

Lfprojects

Product

Agentgateway

CWE

CWE-20

Yayın Tarihi

2026-03-06 21:16:15

Güncelleme

2026-03-18 19:03:44

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-20 Agentgateway MEDIUM Lfprojects 2026

Referanslar

https://github.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-r2rq

Benzer Kayıtlar

High

CVE-2026-34742

The Go MCP SDK used Go's standard encoding/json. Prior to version 1.4.0, the Model Context Protocol (MCP) Go SDK does no…

Medium

CVE-2026-34237

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to versions 1.0.1 and 1.1.1,…

High

CVE-2026-33946

MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby S…

Critical

CVE-2025-15031

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar a…

High

CVE-2026-29064

Zarf is an Airgap Native Packager Manager for Kubernetes. From version 0.54.0 to before version 0.73.1, a path traversal…

Medium

CVE-2026-21864

Valkey-Bloom is a Rust based Valkey module which brings a Bloom Filter (Module) data type into the Valkey distributed ke…