Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later.
History

Mon, 06 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later.
Title Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
First Time appeared Aws
Aws mcp Gateway Registry
Weaknesses CWE-89
CPEs cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:*
Vendors & Products Aws
Aws mcp Gateway Registry
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published: 2026-07-06T20:33:25.217Z

Updated: 2026-07-07T13:45:02.810Z

Reserved: 2026-07-02T14:25:46.661Z

Link: CVE-2026-14471

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.