Is github.com/agentgateway/agentgateway affected by CVE-2026-29791?

Go github.com/agentgateway/agentgateway is affected in <0.12.0.

Is CVE-2026-29791 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

medium

CVE-2026-29791

Q: Is CVE-2026-29791 being exploited?

Not on the CISA KEV list. EPSS exploit probability is 0.1%.

Go · github.com/agentgateway/agentgateway

Summary

Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion

Severity: medium
EPSS: 0.1% (p4)
Also known as: GHSA-v2x6-wwfw-r2rq
Published: 2026-03-05

References

https://github.com/agentgateway/agentgateway/security/advisories/GHSA-v2x6-wwfw-r2rq
https://nvd.nist.gov/vuln/detail/CVE-2026-29791
https://github.com/agentgateway/agentgateway/commit/9a5287569d892e77a8be8c3bb7bf3d7744244274

Is your project exposed to this? Stateward checks every dependency on every pull request and flags it only if your code actually reaches it.

Check my repo

Summarize with AI

ChatGPT Claude Perplexity

Sources: CISA KEV (public domain), OSV.dev & GitHub Advisory Database (CC-BY-4.0), FIRST EPSS, NVD/CWE (public domain). Served live from the Stateward advisory database.