CVE-2026-29791
📋 TL;DR
Agentgateway versions before 0.12.0 fail to sanitize input path, query, and header values when converting MCP tools/call requests to OpenAPI requests. This allows potential injection attacks that could manipulate API behavior or access unauthorized data. Anyone using Agentgateway for agentic AI connectivity with affected versions is vulnerable.
💻 Affected Systems
- Agentgateway
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious payloads into API requests, potentially leading to server-side request forgery (SSRF), data leakage, or manipulation of AI agent behavior and outputs.
Likely Case
Unauthorized data access or manipulation of API responses through crafted input parameters, potentially affecting the integrity of AI agent operations.
If Mitigated
With proper input validation and sanitization, the vulnerability would be prevented, maintaining secure API request processing.
🎯 Exploit Status
The vulnerability involves unsanitized input parameters, which typically requires minimal technical skill to exploit if the attack vector is identified.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.12.0
Vendor Advisory: https://github.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-r2rq
Restart Required: Yes
Instructions:
1. Update Agentgateway to version 0.12.0 or later.
2. Restart the Agentgateway service.
3. Verify the update was successful by checking the version.
🔧 Temporary Workarounds
Input Validation Middleware
All platforms: Implement custom input validation and sanitization for all path, query, and header parameters before they reach the MCP to OpenAPI conversion layer.
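One way to write such a validation layer, as an added example (it is not Agentgateway's code and not the 0.12.0 fix). The character policy, the function names, and the sample operation are assumptions chosen for illustration; the parameter locations would come from the OpenAPI operation the tool maps to.

```python
import re
from urllib.parse import quote

# Assumed policy for this example; the advisory does not list which characters matter.
CONTROL = re.compile(r"[\x00-\x1f\x7f]")                    # CR, LF, NUL, tab, DEL ...
HEADER_NAME = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+$")  # RFC 9110 "token"

class RejectedArgument(ValueError):
    """Raised instead of forwarding a value that could change the request's shape."""

def _scalar(name, value):
    # Only plain strings and numbers are accepted; booleans and containers are refused.
    if isinstance(value, bool) or not isinstance(value, (str, int, float)):
        raise RejectedArgument(f"{name}: only string and number values are accepted")
    text = str(value)
    if CONTROL.search(text):
        raise RejectedArgument(f"{name}: control character in value")
    return text

def path_value(name, value):
    text = _scalar(name, value)
    if text in ("", ".", "..") or "/" in text or "\\" in text:
        raise RejectedArgument(f"{name}: not a single path segment")
    return quote(text, safe="")  # '?', '#', '%' are encoded, so the segment stays literal

def query_value(name, value):
    return quote(_scalar(name, value), safe="")  # '&', '=', '#' cannot add parameters

def header_value(name, value):
    if not HEADER_NAME.match(name):
        raise RejectedArgument(f"{name}: invalid header name")
    return _scalar(name, value).strip()

CHECKS = {"path": path_value, "query": query_value, "header": header_value}

def sanitize_tool_arguments(arguments, locations):
    """arguments: the MCP tools/call "arguments" object.
    locations: parameter name -> "path" | "query" | "header" (from the OpenAPI operation).
    Arguments with no entry in locations (for example body fields) are returned unchanged."""
    safe = {}
    for name, value in arguments.items():
        check = CHECKS.get(locations.get(name))
        safe[name] = check(name, value) if check else value
    return safe

# Constructed sample: a hypothetical operation GET /pets/{petId}?q=... with an X-Trace header.
SAMPLE_LOCATIONS = {"petId": "path", "q": "query", "X-Trace": "header"}

if __name__ == "__main__":
    print(sanitize_tool_arguments({"petId": 42, "q": "a&b=c", "X-Trace": "t-1"}, SAMPLE_LOCATIONS))
```

Rejected arguments raise `RejectedArgument`, so the caller can return an error to the MCP client and log the parameter name rather than forwarding the request.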
Network Segmentation
All platforms: Restrict network access to Agentgateway instances to only trusted sources and implement an API gateway with request validation.
🧯 If You Can't Patch
- Implement strict input validation at the application layer for all API parameters
- Deploy a web application firewall (WAF) with rules to detect and block injection attempts
🔍 How to Verify
Check if Vulnerable:
Check the Agentgateway version. If it's below 0.12.0, the system is vulnerable.
Check Version:
agentgateway --version
Verify Fix Applied:
After updating to 0.12.0 or later, test that input parameters are properly sanitized by attempting to inject special characters in path, query, and header values.
📡 Detection & Monitoring
Log Indicators:
- Unusual or malformed path/query/header parameters in API requests
- Failed API requests with injection patterns
Network Indicators:
- HTTP requests with suspicious characters in URL parameters or headers
- Unusual API call patterns to Agentgateway endpoints
SIEM Query:
source="agentgateway" AND (url="*%*" OR header="*<*" OR query="*|*")