GHSA-4gph-2hhr-5mwg: Envoy AI Proxy - MCP Message Smuggling Vulnerability
mediumvulnerability
security
Source: GitHub Advisory DatabaseMay 19, 2026
Summary
Envoy AI Gateway has a vulnerability where it improperly parses JSON-RPC messages (a protocol for remote procedure calls) in a case-insensitive way, even though the specification requires case-sensitive matching. This allows attackers to send messages with duplicate fields using different capitalization (like 'name' and 'Name'), causing the gateway to alter and forward a different request than what was originally sent, potentially bypassing security checks in systems that use this gateway.
Classification
Attack Type
RAG Poisoning
Attack SophisticationModerate
Impact (CIA+S)
integrity
AI Component TargetedAPI
Affected Vendors
Affected Packages
github.com/envoyproxy/ai-gateway@< 0.6.0 (fixed: 0.6.0)
Related Issues
Monthly digest — independent AI security research
Original source: https://github.com/advisories/GHSA-4gph-2hhr-5mwg
First tracked: May 19, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 85%