GitHub Advisory — Agentgateway MCP→OpenAPI parameter injection (CVE-2026-29791)

AI relevance: Agentgateway bridges MCP tool calls to OpenAPI; unsanitized parameters let attackers smuggle extra headers or query values into downstream API calls.

  • CVE-2026-29791 affects the MCP→OpenAPI conversion feature in Agentgateway.
  • Path, query, and header values taken from MCP tool calls are not sanitized.
  • That enables injection of additional query parameters or headers into OpenAPI requests.
  • The issue is fixed in Agentgateway v0.12.0+.
  • Only deployments using the MCP→OpenAPI feature are impacted.

Why it matters

  • Agent proxies are often placed between LLMs and internal APIs; parameter injection breaks request integrity.
  • Injected headers can tamper with auth, routing, or feature flags — a subtle but powerful control-plane risk.

What to do

  • Upgrade: move to Agentgateway v0.12.0+ or apply the upstream patch.
  • Constrain tool calls: validate MCP tool inputs before proxying to OpenAPI endpoints.
  • Monitor: flag unexpected headers and query parameters in API gateway logs.
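
One way to apply the "constrain tool calls" step in front of the proxy, as an added example that is not Agentgateway's code or its upstream patch. The parameter map, path template, and function names are hypothetical; it rejects undeclared or structure-changing values and encodes the rest.

```python
import re
from urllib.parse import quote, urlencode

# Conservative allow-list for one path segment (unreserved URL characters only).
PATH_SEGMENT = re.compile(r"[A-Za-z0-9._~-]+")
# Control characters, CR/LF included, must never reach a header or query value.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")

# Constructed sample operation: where each declared parameter is allowed to go.
TEMPLATE = "/users/{user_id}/orders"
DECLARED = {"user_id": "path", "filter": "query", "X-Request-Tag": "header"}


class RejectedInput(ValueError):
    """Raised when a tool argument must not be forwarded downstream."""


def build_request(path_template, declared, args):
    """Validate MCP tool arguments, then return (url, headers) for the API call."""
    extra = set(args) - set(declared)
    if extra:
        raise RejectedInput(f"undeclared parameters: {sorted(extra)}")
    path, query, headers = path_template, {}, {}
    for name, value in args.items():
        if isinstance(value, bool) or not isinstance(value, (str, int)):
            raise RejectedInput(f"{name}: only string or integer values accepted")
        text = str(value)
        if CONTROL.search(text):
            raise RejectedInput(f"{name}: control character in value")
        where = declared[name]
        if where == "path":
            if not PATH_SEGMENT.fullmatch(text) or text in (".", ".."):
                raise RejectedInput(f"{name}: not a single safe path segment")
            path = path.replace("{" + name + "}", quote(text, safe=""))
        elif where == "query":
            query[name] = text  # '&', '=' and '#' are percent-encoded by urlencode
        elif where == "header":
            headers[name] = text
        else:
            raise RejectedInput(f"{name}: unknown location {where!r}")
    if "{" in path:
        raise RejectedInput("required path parameter missing")
    url = path + ("?" + urlencode(query) if query else "")
    return url, headers
```
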
