To remediate this issue, users should upgrade to version 1.0.13 or later.
No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Wed, 08 Jul 2026 06:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Mon, 06 Jul 2026 21:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position. To remediate this issue, users should upgrade to version 1.0.13 or later. | |
| Title | Authenticated SQL injection in the metrics-service retention policy subsystem of mcp-gateway-registry | |
| First Time appeared |
Aws
Aws mcp Gateway Registry |
|
| Weaknesses | CWE-89 | |
| CPEs | cpe:2.3:a:aws:mcp_gateway_registry:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Aws
Aws mcp Gateway Registry |
|
| References |
| |
| Metrics |
cvssV3_1
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: AMZN
Published:
Updated: 2026-07-07T13:45:02.810Z
Reserved: 2026-07-02T14:25:46.661Z
Link: CVE-2026-14471
Updated: 2026-07-07T13:44:58.307Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T05:15:03Z