CVE-2026-14471

Severity CVSS v4.0:
HIGH
Type:
CWE-89 SQL Injection
Publication date:
06/07/2026
Last modified:
06/07/2026

Description

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in identifier position.<br /> <br /> <br /> <br /> To remediate this issue, users should upgrade to version 1.0.13 or later.