CVE-2026-14471 - Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
Summary
A vulnerability called CVE-2026-14471 exists in Amazon mcp-gateway-registry (a tool that manages AI agent access to different services) versions 1.0.3 through 1.0.12. An authenticated user can exploit SQL injection (inserting malicious SQL commands into inputs) in the metrics tracking system to read sensitive data like API keys, or delete and modify stored information.
Classification
Affected Vendors
Related Issues
Original source: https://aws.amazon.com/security/security-bulletins/rss/2026-052-aws/
First tracked: July 6, 2026 at 08:00 PM
Classified by LLM (prompt v3) · confidence: 92%