Description
Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.



To remediate this issue, users should upgrade to version 1.0.13 or later.
Published: 2026-07-06
Score: 8.6 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 06 Jul 2026 21:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later.
Title Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry
First Time appeared Aws
Aws mcp Gateway Registry
Weaknesses CWE-89
CPEs cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:*
Vendors & Products Aws
Aws mcp Gateway Registry
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


Subscriptions

Aws Mcp Gateway Registry
cve-icon MITRE

Status: PUBLISHED

Assigner: AMZN

Published:

Updated: 2026-07-06T20:46:44.975Z

Reserved: 2026-07-02T14:25:46.661Z

Link: CVE-2026-14471

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses