{"id":"CVE-2026-14471","summary":"Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry","details":"Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.\n\n\n\nTo remediate this issue, users should upgrade to version 1.0.13 or later.","aliases":["GHSA-79qc-vqfr-xx5q"],"modified":"2026-07-09T03:52:05.682480429Z","published":"2026-07-06T20:33:25.217Z","database_specific":{"cwe_ids":["CWE-89"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14471.json","cna_assigner":"AMZN"},"references":[{"type":"ADVISORY","url":"https://aws.amazon.com/security/security-bulletins/2026-052-aws/"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14471.json"},{"type":"ADVISORY","url":"https://github.com/agentic-community/mcp-gateway-registry/security/advisories/GHSA-79qc-vqfr-xx5q"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-14471"},{"type":"FIX","url":"https://github.com/agentic-community/mcp-gateway-registry/releases/tag/v1.0.13"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/agentic-community/mcp-gateway-registry","events":[{"introduced":"f9a3e70d7dabdae0fcb31e2387230cfa3ba21dc0"},{"fixed":"6958b35f33677250f822cec13deebee95086651e"}],"database_specific":{"source":["AFFECTED_FIELD","DESCRIPTION","REFERENCES"],"extracted_events":[{"introduced":"1.0.3"},{"last_affected":"1.0.12"},{"introduced":"0"},{"fixed":"1.0.13"}]}}],"versions":["v1.0.12","v1.0.11","v1.0.10","v1.0.9-patch1","v1.0.8","v1.0.9","v1.0.7","v1.0.6","v1.0.5","v1.0.4","v1.0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-14471.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"}]}