CVE-2026-14471
Severity CVSS v4.0:
HIGH
Type:
CWE-89
SQL Injection
Publication date:
06/07/2026
Last modified:
06/07/2026
Description
Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.<br />
<br />
<br />
<br />
To remediate this issue, users should upgrade to version 1.0.13 or later.
Impact
Base Score 4.0
8.60
Severity 4.0
HIGH
Base Score 3.x
8.10
Severity 3.x
HIGH



