{"data":{"id":"27c04ea4-ddda-4c6b-92cb-cb259bbc213f","title":"CVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry","summary":"A vulnerability called CVE-2026-14471 exists in Amazon mcp-gateway-registry (a tool that manages AI agent access to different services) versions 1.0.3 through 1.0.12. An authenticated user can exploit SQL injection (inserting malicious SQL commands into inputs) in the metrics tracking system to read sensitive data like API keys, or delete and modify stored information.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://aws.amazon.com/security/security-bulletins/rss/2026-052-aws/","publishedAt":"2026-07-06T20:50:20.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["Amazon"],"affectedVendorsRaw":["Amazon","mcp-gateway-registry","Model Context Protocol"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-07-06T20:50:20.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}