Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.
To remediate this issue, users should upgrade to version 1.0.13 or later.
Metrics
Affected Vendors & Products
References
History
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later. | |
| Title | Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry | |
| First Time appeared |
Aws
Aws mcp Gateway Registry |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aws
Aws mcp Gateway Registry |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: AMZN
Published: 2026-07-06T20:33:25.217Z
Updated: 2026-07-07T13:45:02.810Z
Reserved: 2026-07-02T14:25:46.661Z
Link: CVE-2026-14471
No data.
No data.
No data.