To remediate this issue, users should upgrade to version 1.0.13 or later.
Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later. | |
| Title | Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry | |
| First Time appeared |
Aws
Aws mcp Gateway Registry |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aws
Aws mcp Gateway Registry |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-06T20:46:44.975Z
Reserved: 2026-07-02T14:25:46.661Z
Link: CVE-2026-14471
No data.
No data.
No data.
OpenCVE Enrichment
No data.