Moderate severityNVD Advisory· Published Mar 6, 2026· Updated Mar 9, 2026
Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion
CVE-2026-29791
Description
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in version 0.12.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/agentgateway/agentgatewayGo | < 0.12.0 | 0.12.0 |
Affected products
2- Range: < 0.12.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.