Spacewander

**Name of the Vulnerable Software and Affected Versions** Agentgateway versions prior to 0.12.0 **Description** Agentgateway, an open source data plane for agentic AI connectivity, has an issue where input path, query, and header values are not sanitized when converting MCP tools/call requests to OpenAPI requests. This allows for the injection of additional path or query parameters and headers. The issue impacts usage of the MCP to OpenAPI feature. **Recommendations** Upgrade to version 0.12.0 or later.