19 matches found

NVD
added yesterday, 5 views

CVE-2026-4035

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

CVSS: 9.1 | EPSS: 0.00278
Exploits: 1 | References: 2

EUVD
added yesterday, 6 views

EUVD-2026-34068

A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets, which can be exploited to exfiltrate sensitive server-side environment credentials to an attacker-controlled endpoint. This issue arises because the apikey field in...

CVSS: 9.1 | AI score: 7.6 | EPSS: 0.00278
Exploits: 1 | References: 2

GitHub Security Blog
added 2026/05/19 4:18 p.m., 14 views

Envoy AI Proxy - MCP Message Smuggling Vulnerability

Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such differential causes a MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture. Accordi...

AI score: 5.9
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/19 4:18 p.m., 16 views

GHSA-4GPH-2HHR-5MWG Envoy AI Proxy - MCP Message Smuggling Vulnerability

Envoy AI Gateway was found to be affected by a protocol parser differential vulnerability due to improper implementation of the JSON-RPC 2.0 specification. Such differential causes a MCP message alteration, potentially causing a bypass of security controls in a multi-layered architecture. Accordi...

CVSS: 6.3 | AI score: 5.9
Exploits: 0 | References: 2

Huntr
added 2026/03/05 7:17 a.m., 3 views

AI Gateway secret API accepts `$ENV_VAR` references and can be remotely abused to exfiltrate server-side environment credentials to an attacker-controlled upstream endpoint. And the leaked credentials can be further leveraged to break security boundaries.

Analyzed project versions: Current target branch: master Current HEAD: dc8ef3cbbefccf7384f4e3023492aae635c5d5d0 Fix 403 Forbidden for artifact list via query param when defaultpermission=NOPERMISSIONS 21220, commit date: 2026-03-04 The vulnerability is that AI Gateway secrets allow...

CVSS: 9.1 | AI score: 6.1 | EPSS: 0.00278
Exploits: 1

NVD
added 2026/02/09 7:16 a.m., 4 views

CVE-2026-1868

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...

CVSS: 9.9 | EPSS: 0.00029
Exploits: 0 | References: 2

Vulnrichment
added 2026/02/09 6:33 a.m., 4 views

CVE-2026-1868 Improper Neutralization of Special Elements Used in a Template Engine in GitLab AI Gateway

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00029
Exploits: 0 | References: 2

ATTACKERKB
added 2026/02/09 6:33 a.m., 4 views

CVE-2026-1868

GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted D...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00029
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2026/02/09 6:33 a.m., 27 views

CVE-2026-1868

GitLab AI Gateway’s Duo Workflow Service was affected by an insecure template expansion defect in Duo Agent Platform Flow definitions across all 18.1.6–18.8.0 releases. The vulnerability could enable Denial of Service or remote code execution on the Gateway. Mitigation in the listed advisories is...

CVSS: 9.9 | AI score: 6 | EPSS: 0.00029
Exploits: 0 | References: 2

CNNVD
added 2026/02/09 12:0 a.m., 3 views

GitLab AI Gateway Security Vulnerability

GitLab AI Gateway is an artificial intelligence service middleware provided by the US company GitLab. Versions 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 of GitLab AI Gateway contain security vulnerabilities. These vulnerabilities stem from insecure template extensions of data provided ...

CVSS: 9.9 | AI score: 6.2 | EPSS: 0.00029
Exploits: 0 | References: 3

Positive Technologies
added 2026/02/06 12:0 a.m., 8 views

PT-2026-6978

Name of the Vulnerable Software and Affected Versions GitLab AI Gateway versions 18.1.6 through 18.8.0 Description The GitLab AI Gateway’s Duo Workflow Service component contains a flaw related to improper code generation. This issue allows authenticated attackers to cause a Denial of Service or...

CVSS: 9.9 | AI score: 5.7 | EPSS: 0.00029
Exploits: 0 | References: 22

Vulnrichment
added 2025/12/01 10:25 p.m., 2 views

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVSS: 6.9 | AI score: 6.3 | EPSS: 0.00068
Exploits: 0 | References: 3

OSV
added 2025/12/01 10:25 p.m., 2 views

CVE-2025-66405 Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host

Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch...

CVSS: 6.9 | AI score: 6.7 | EPSS: 0.00068
Exploits: 0 | References: 5

CNNVD
added 2025/12/01 12:0 a.m., 3 views

AI Gateway Code Issue Vulnerability

AI Gateway is an AI gateway open source by Portkey.ai. A code issue vulnerability exists in AI Gateway versions prior to 1.14.0, which stems from an SSRF vulnerability that could lead to external resource access...

CVSS: 9.8 | AI score: 6.6 | EPSS: 0.00068
Exploits: 0 | References: 4

EUVD
added 2025/11/07 3:18 a.m., 4 views

EUVD-2025-37852

kgateway is a Cloud-Native API and AI Gateway. Versions 2.0.4 and below and 2.1.0-agw-cel-rbac through 2.1.0-rc.2 lack authentication, allowing any client with unrestricted network access to the xDS port to retrieve potentially sensitive configuration data including certificate data, backend...

CVSS: 5.3 | AI score: 6.2 | EPSS: 0.00018
Exploits: 0 | References: 6

IBM Security Bulletins
added 2024/06/24 2:8 p.m., 32 views

Security Bulletin: IBM Watson AI Gateway for IBM Cloud Pak for Data is vulnerable to follow-redirects open redirect vulnerability [CVE-2023-26159]

Summary Potential follow-redirects open redirect vulnerability CVE-2023-26159 have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details CVEID: CVE-2023-26159...

CVSS: 7.3 | AI score: 6.8 | EPSS: 0.00103
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2024/01/31 1:34 p.m., 25 views

Security Bulletin: IBM Watson AI Gateway for IBM Cloud Pak for Data is vulnerable to Node.js semver package denial of service vulnerability [CVE-2022-25883]

Summary Potential Node.js semver package denial of service vulnerability have been identified that may affect IBM Watson AI Gateway for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. CVE-2022-25883 Vulnerability Details...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.00598
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2023/06/30 6:37 p.m., 35 views

Security Bulletin: Watson AI Gateway for Cloud Pak for Data is vulnerable to an Ajv (aka Another JSON Schema Validator) could allow a remote attacker to execute arbitrary code on the system (CVE-2020-15366)

Summary Watson Gateway is an internal component, it does not expose any APIs externally. If a remote attacker gained access to the internal CP4D cluster, they could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw in the ajv.validate function...

CVSS: 6.8 | AI score: 8 | EPSS: 0.00331
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2023/03/17 11:28 p.m., 39 views

Security Bulletin: Watson AI Gateway for Cloud Pak for Data is vulnerable to Ansible Runner code execution and could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper shell escaping of the shell command.

Summary Ansible Runner could allow a local authenticated attacker to execute arbitrary code on the system, caused by improper shell escaping of the shell command. CVE-2021-4041 See further details below. Vulnerability Details CVEID:CVE-2021-4041 DESCRIPTION: Ansible Runner could allow a local...

CVSS: 7.8 | AI score: 7.9 | EPSS: 0.0007
Exploits: 0 | Affected Software: 1