Overview · Kuadrant/mcp-gateway · GitHub

Security

No security policy detected

This project has not set up a SECURITY.md file yet.

Report a vulnerability

Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path
GHSA-g53w-w6mj-hrpp published May 13, 2026 by david-martin

Critical

Learn more about advisories related to Kuadrant/mcp-gateway in the GitHub Advisory Database