CVE-2026-29791 — MEDIUM (4.9)

Q: How severe is CVE-2026-29791?

CVE-2026-29791 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-29791?

Check the references section above for vendor advisories and patch information. Affected products include: Lfprojects Agentgateway.

Vulnerability Description

Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in version 0.12.0.

CVSS Score

4.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Lfprojects	Agentgateway	< 0.12.0

Related Weaknesses (CWE)

CWE-20

References

https://github.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-Vendor Advisory

FAQ

What is CVE-2026-29791?

CVE-2026-29791 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI re...

How severe is CVE-2026-29791?

CVE-2026-29791 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-29791?

Check the references section above for vendor advisories and patch information. Affected products include: Lfprojects Agentgateway.