635 matches found
CVE-2026-29791 Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...
CVE-2026-29791
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...
CVE-2026-29791
CVE-2026-29791 affects Agentgateway, an open source data plane for agentic AI connectivity. Before version 0.12.0, MCP tools/call requests converted to OpenAPI requests did not sanitize input path, query, and header values, enabling parameter injection. The issue is patched in version 0.12.0. Imp...
CVE-2026-29791 Agentgateway: Missing parameter sanitization in MCP to OpenAPI conversion
Agentgateway is an open source data plane for agentic AI connectivity within or across any agent framework or environment. Prior to version 0.12.0, when converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. This issue has been patched in...
CVE-2026-28794
The CVE concerns oRPC and its @orpc/client package. Prior to v1.13.6, the RPC JSON deserializer in StandardRPCJsonSerializer can perform prototype pollution by injecting properties into Object.prototype via attacker-controlled paths in the data (notably through the maps and meta vectors). This vu...
GHSA-V2X6-WWFW-R2RQ Agentgateway is missing parameter sanitization in MCP to OpenAPI conversion
Summary When converting MCP tools/call request to OpenAPI request, input path, query, and header values are not sanitized. Details When using the MCP to OpenAPI feature, the proxy lacks proper sanitization of input parameters in the MCP call, allowing: Injection of additional path or query...
PT-2026-23611
Name of the Vulnerable Software and Affected Versions Agentgateway versions prior to 0.12.0 Description Agentgateway, an open source data plane for agentic AI connectivity, has an issue where input path, query, and header values are not sanitized when converting MCP tools/call requests to OpenAPI...
@graphql-mesh/plugin-rate-limit (>=0.2.23 <=1.0.0-alpha-20230524103718-9e72bdbec), @graphql-mesh/plugin-snapshot (>=0.1.24 <=1.0.0-alpha-20230524103718-9e72bdbec) +13 more potentially affected by CVE-2026-27904 via minimatch (>=8.0.2 <=8.0.4)
minimatch NPM version =8.0.2, =0.2.23, =0.1.24, =0.15.24, =2.0.0-beta.0, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =0.42.1, =1.6.0, =1.4.1, =1.4.4 Source cves: CVE-2026-27904 Source advisory: OSV:GHSA-23C5-XMQV-RM74...
CVE-2026-3053
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053 DataLinkDC dinky OpenAPI Endpoint AppConfig.java addInterceptors missing authentication
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
EUVD-2026-7432
A vulnerability was determined in DataLinkDC dinky up to 1.2.5. This affects the function addInterceptors of the file dinky-admin/src/main/java/org/dinky/configure/AppConfig.java of the component OpenAPI Endpoint. Executing a manipulation can lead to missing authentication. It is possible to laun...
CVE-2026-3053
DataLinkDC dinky OpenAPI Endpoint vulnerability (CVE-2026-3053) affects dinky up to version 1.2.5, via the addInterceptors function in dinky-admin/src/main/java/org/dinky/configure/AppConfig.java. The flaw enables remote authentication bypass due to manipulation of the OpenAPI Endpoint component....
PT-2026-21639
Name of the Vulnerable Software and Affected Versions DataLinkDC dinky versions up to 1.2.5 Description A flaw exists in DataLinkDC dinky that allows for remote authentication bypass. This is due to a manipulation within the addInterceptors function located in the file...
com.codbex.atlas:codbex-atlas-application (>=2.62.0 <=2.107.0), com.codbex.gaia:codbex-gaia-application (>=2.61.0 <=2.64.0) +22 more potentially affected by CVE-2026-26278 via org.webjars.npm:fast-xml-parser (>=4.5.3 <=5.2.5)
org.webjars.npm:fast-xml-parser MAVEN version =4.5.3, =2.62.0, =2.61.0, =2.52.0, =2.52.0, =2.51.0, =2.51.0, =3.6.0, =2.50.0, =5.0.0, =5.0.0, =11.58.0, =12.2.0, =11.58.0, =11.58.0, =11.48.2, =12.1.0 and more Source cves: CVE-2026-26278 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15325721...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the HandleCreateSmPolicyRequest in smpolicy.go. This allows attackers to trigger an unhandled panic when invoking the openapi API. Remediation Upgrade github.com/free5gc/pcf/internal/sbi/processor to version...
CVE-2026-25141
Orval generates type-safe JS clients TypeScript from any valid OpenAPI v3 or Swagger v2 specification. Versions starting with 7.19.0 and prior to 7.21.0 and 8.2.0 have an incomplete fix for CVE-2026-23947. While the jsStringEscape function properly handles single quotes ', double quotes " and so...