Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.
To remediate this issue, users should upgrade to version 1.0.13 or later.
To remediate this issue, users should upgrade to version 1.0.13 or later.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later. | |
| Title | Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry | |
| First Time appeared |
Aws
Aws mcp Gateway Registry |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aws
Aws mcp Gateway Registry |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-06T20:46:44.975Z
Reserved: 2026-07-02T14:25:46.661Z
Link: CVE-2026-14471
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses