Vulnerability	Vulnerable Version
M Incorrect Authorization agent-mcp-gateway is an An MCP gateway that aggregates your existing MCP servers and lets you define which servers and individual tools each agent or subagent can access. Solves Claude Code's MCP context window waste where all tool definitions load upfront instead of being discovered when actually needed. Affected versions of this package are vulnerable to Incorrect Authorization due to improper rule evaluation in the policy engine. The authorization logic fails to prioritize deny rules over allow rules, allowing explicit allow permissions to override broader wildcard deny policies. An attacker with access to policy-controlled endpoints can exploit this behavior to gain unauthorized access to restricted resources. How to fix Incorrect Authorization? Upgrade `agent-mcp-gateway` to version 0.2.0 or higher.	[,0.2.0)

Incorrect Authorization

agent-mcp-gateway is an An MCP gateway that aggregates your existing MCP servers and lets you define which servers and individual tools each agent or subagent can access. Solves Claude Code's MCP context window waste where all tool definitions load upfront instead of being discovered when actually needed.

Affected versions of this package are vulnerable to Incorrect Authorization due to improper rule evaluation in the policy engine. The authorization logic fails to prioritize deny rules over allow rules, allowing explicit allow permissions to override broader wildcard deny policies. An attacker with access to policy-controlled endpoints can exploit this behavior to gain unauthorized access to restricted resources.

How to fix Incorrect Authorization?

Upgrade agent-mcp-gateway to version 0.2.0 or higher.

[,0.2.0)

Go back to all versions of this package