Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.
To remediate this issue, users should upgrade to version 1.0.13 or later.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/14xxx/CVE-2026-14471.json",
"cna_assigner": "AMZN",
"cwe_ids": [
"CWE-89"
]
}