Update: [CRITICAL] GHSA-g53w-w6mj-hrpp: MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin "router-key" / "mcp-init-host" path
GitHub Security Advisory · Security · SecurityFix · 5/19/2026
## Summary

The MCP router (ext_proc) exposes an `initialize`-method code path that, when a request carries an `mcp-init-host` header, bypasses the gateway JWT session validator and rewrites the upstream `:authority` header to whatever the caller chooses, gated only by a single shared header value (`router-key`).
Why it matters → github.com/kuadrant/mcp-gateway released an update. Review the changelog for relevant changes.
Who should care → Teams using github.com/kuadrant/mcp-gateway.
Source payload preview:
```json
{
  "ghsaId": "GHSA-g53w-w6mj-hrpp",
  "summary": "MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated router hair-pin \"router-key\" / \"mcp-init-host\" path",
  "severity": "CRITICAL",
  "updatedAt": "2026-05-19T19:42:49Z",
  "references": [
    {
      "url": "https://github.com/Kuadrant/mcp-gateway/security/advisories/GHSA-g53w-w6mj-hrpp"
    },
    {
      "url": "https://github.com/advisories/GHSA-g53w-w6mj-hrpp"
    }
  ],
  "description": "## Summary\n \nThe MCP router (ext_proc) exposes an `initialize`-method code path that, when a\nrequest carries an `mcp-init-host` header, bypasses the gateway JWT session\nvalidator and rewrites the upstream `:authority` header to whatever the caller\nchooses, gated only by a single shared header value (`router-key`).
  …
```